From a6d6f1626d357420b75f115eb05e868bfed348a3 Mon Sep 17 00:00:00 2001
From: asomers <asomers@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Mon, 1 Oct 2018 16:08:27 +0000
Subject: [PATCH] MFC r336605:

Fix multiple Coverity warnings in tftpd(8)

* Initialize uninitialized variable (CID 1006502)
* strcpy => strlcpy (CID 1006792, 1006791, 1006790)
* Check function return values (CID 1009442, 1009441, 1009440)
* Delete dead code in receive_packet (not reported by Coverity)
* Remove redundant alarm(3) in receive_packet (not reported by Coverity)

Reported by:	Coverity
CID: 1006502, 1006792, 1006791, 1006790, 1009442, 1009441, 1009440
Differential Revision:	https://reviews.freebsd.org/D11287


git-svn-id: svn://svn.freebsd.org/base/stable/10@339059 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 libexec/tftpd/tftp-file.c  |  4 +++-
 libexec/tftpd/tftp-io.c    | 16 ++++------------
 libexec/tftpd/tftp-utils.c |  4 +++-
 libexec/tftpd/tftpd.c      | 10 +++++++---
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/libexec/tftpd/tftp-file.c b/libexec/tftpd/tftp-file.c
index 6b8fb6e83..c39ca6173 100644
--- a/libexec/tftpd/tftp-file.c
+++ b/libexec/tftpd/tftp-file.c
@@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$");
 #include <netinet/in.h>
 #include <arpa/tftp.h>
 
+#include <assert.h>
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -78,7 +79,8 @@ convert_from_net(char *buffer, size_t count)
 		if (buffer[i] == '\n') {
 			if (n == 0) {
 				if (ftell(file) != 0) {
-					fseek(file, -1, SEEK_END);
+					int r = fseek(file, -1, SEEK_END);
+					assert(r == 0);
 					convbuffer[n++] = '\n';
 				} else {
 					/* This shouldn't happen */
diff --git a/libexec/tftpd/tftp-io.c b/libexec/tftpd/tftp-io.c
index 6dabf4f70..6a6800ffc 100644
--- a/libexec/tftpd/tftp-io.c
+++ b/libexec/tftpd/tftp-io.c
@@ -34,6 +34,7 @@ __FBSDID("$FreeBSD$");
 #include <arpa/tftp.h>
 #include <arpa/inet.h>
 
+#include <assert.h>
 #include <errno.h>
 #include <setjmp.h>
 #include <signal.h>
@@ -393,7 +394,7 @@ receive_packet(int peer, char *data, int size, struct sockaddr_storage *from,
 	struct sockaddr_storage *pfrom;
 	socklen_t fromlen;
 	int n;
-	static int waiting;
+	static int timed_out;
 
 	if (debug&DEBUG_PACKETS)
 		tftp_log(LOG_DEBUG,
@@ -401,23 +402,16 @@ receive_packet(int peer, char *data, int size, struct sockaddr_storage *from,
 
 	pkt = (struct tftphdr *)data;
 
-	waiting = 0;
 	signal(SIGALRM, timeout);
-	setjmp(timeoutbuf);
+	timed_out = setjmp(timeoutbuf);
 	alarm(thistimeout);
 
-	if (waiting > 0) {
-		alarm(0);
-		return (RP_TIMEOUT);
-	}
-
-	if (waiting > 0) {
+	if (timed_out != 0) {
 		tftp_log(LOG_ERR, "receive_packet: timeout");
 		alarm(0);
 		return (RP_TIMEOUT);
 	}
 
-	waiting++;
 	pfrom = (from == NULL) ? &from_local : from;
 	fromlen = sizeof(*pfrom);
 	n = recvfrom(peer, data, size, 0, (struct sockaddr *)pfrom, &fromlen);
@@ -431,8 +425,6 @@ receive_packet(int peer, char *data, int size, struct sockaddr_storage *from,
 		return (RP_TIMEOUT);
 	}
 
-	alarm(0);
-
 	if (n < 0) {
 		/* No idea what could have happened if it isn't a timeout */
 		tftp_log(LOG_ERR, "receive_packet: %s", strerror(errno));
diff --git a/libexec/tftpd/tftp-utils.c b/libexec/tftpd/tftp-utils.c
index c55f120a3..25a305ffd 100644
--- a/libexec/tftpd/tftp-utils.c
+++ b/libexec/tftpd/tftp-utils.c
@@ -268,11 +268,13 @@ char *
 rp_strerror(int error)
 {
 	static char s[100];
+	size_t space = sizeof(s);
 	int i = 0;
 
 	while (rp_errors[i].desc != NULL) {
 		if (rp_errors[i].error == error) {
-			strcpy(s, rp_errors[i].desc);
+			strlcpy(s, rp_errors[i].desc, space);
+			space -= strlen(rp_errors[i].desc);
 		}
 		i++;
 	}
diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index aaeede428..bcd4bb84e 100644
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -372,7 +372,10 @@ main(int argc, char *argv[])
 			exit(1);
 		}
 		chdir("/");
-		setgroups(1, &nobody->pw_gid);
+		if (setgroups(1, &nobody->pw_gid) != 0) {
+			tftp_log(LOG_ERR, "setgroups failed");
+			exit(1);
+		}
 		if (setuid(nobody->pw_uid) != 0) {
 			tftp_log(LOG_ERR, "setuid failed");
 			exit(1);
@@ -520,7 +523,7 @@ tftp_wrq(int peer, char *recvbuffer, ssize_t size)
 	cp = parse_header(peer, recvbuffer, size, &filename, &mode);
 	size -= (cp - recvbuffer) + 1;
 
-	strcpy(fnbuf, filename);
+	strlcpy(fnbuf, filename, sizeof(fnbuf));
 	reduce_path(fnbuf);
 	filename = fnbuf;
 
@@ -565,7 +568,7 @@ tftp_rrq(int peer, char *recvbuffer, ssize_t size)
 	cp = parse_header(peer, recvbuffer, size, &filename, &mode);
 	size -= (cp - recvbuffer) + 1;
 
-	strcpy(fnbuf, filename);
+	strlcpy(fnbuf, filename, sizeof(fnbuf));
 	reduce_path(fnbuf);
 	filename = fnbuf;
 
@@ -802,6 +805,7 @@ tftp_xmitfile(int peer, const char *mode)
 	time_t now;
 	struct tftp_stats ts;
 
+	memset(&ts, 0, sizeof(ts));
 	now = time(NULL);
 	if (debug&DEBUG_SIMPLE)
 		tftp_log(LOG_DEBUG, "Transmitting file");
-- 
2.42.0