authorAndrew G. Morgan <morgan@kernel.org>2021-08-26 20:24:47 -0700
committerAndrew G. Morgan <morgan@kernel.org>2021-08-26 20:24:47 -0700
commitc90b5debdf28acc010d5ee50ff5ff0c97ab0e367 (patch)
tree997cab52eda411ad6d9785138c699feb259c3860
parent07cdff9ac969c35f1b2e4c0ccb5e3cc5fdceb2b2 (diff)
Fix some static analysis results.
This series of issues was found by Zoltan Fridrich. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r--libcap/_makenames.c4
-rw-r--r--libcap/cap_proc.c4
-rw-r--r--libcap/cap_text.c10
-rw-r--r--libcap/execable.c2
-rw-r--r--pam_cap/pam_cap.c3
-rw-r--r--progs/capsh.c17
-rw-r--r--progs/getcap.c8
-rw-r--r--progs/setcap.c6
-rw-r--r--psx/psx.c4
-rw-r--r--tests/libcap_launch_test.c10
-rw-r--r--tests/libcap_psx_test.c9
11 files changed, 69 insertions, 8 deletions
diff --git a/libcap/_makenames.c b/libcap/_makenames.c
index 46ab0c9..b09cf69 100644
--- a/libcap/_makenames.c
+++ b/libcap/_makenames.c
@@ -49,6 +49,10 @@ int main(void)
int was = pointers_avail * sizeof(char *);
pointers_avail = 2 * list[i].index + 1;
pointers = recalloc(pointers, was, pointers_avail * sizeof(char *));
+ if (pointers == NULL) {
+ perror("unable to continue");
+ exit(1);
+ }
}
pointers[list[i].index] = list[i].name;
int n = strlen(list[i].name);
diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c
index fdb8cbe..1494f8d 100644
--- a/libcap/cap_proc.c
+++ b/libcap/cap_proc.c
@@ -723,6 +723,10 @@ static int _cap_iab_set_proc(struct syscaller_s *sc, cap_iab_t iab)
cap_value_t c;
int raising = 0;
+ if (temp == NULL) {
+ return -1;
+ }
+
for (i = 0; i < _LIBCAP_CAPABILITY_U32S; i++) {
__u32 newI = iab->i[i];
__u32 oldIP = temp->u[i].flat[CAP_INHERITABLE] |
diff --git a/libcap/cap_text.c b/libcap/cap_text.c
index 17072f7..a0857bc 100644
--- a/libcap/cap_text.c
+++ b/libcap/cap_text.c
@@ -160,6 +160,7 @@ cap_t cap_from_text(const char *str)
cap_blks = _LINUX_CAPABILITY_U32S_3;
break;
default:
+ cap_free(res);
errno = EINVAL;
return NULL;
}
@@ -403,6 +404,9 @@ char *cap_to_text(cap_t caps, ssize_t *length_p)
for (n = 0; n < cmb; n++) {
if (getstateflags(caps, n) == t) {
char *this_cap_name = cap_to_name(n);
+ if (this_cap_name == NULL) {
+ return NULL;
+ }
if ((strlen(this_cap_name) + (p - buf)) > CAP_TEXT_SIZE) {
cap_free(this_cap_name);
errno = ERANGE;
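Review bot: The new `return NULL;` after the `cap_to_name(n)` check does not set errno, while the ERANGE branch directly below it does, so a caller sees whatever errno cap_to_name() happened to leave. If cap_to_name() is guaranteed to set errno on failure (not visible in this hunk), a short comment such as `/* errno set by cap_to_name() */` would document that; otherwise assign it explicitly before returning. The same applies to the identical check added in the second loop (the `@@ -455` hunk). The body of cap_to_text() starts and ends outside this hunk.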
@@ -455,6 +459,9 @@ char *cap_to_text(cap_t caps, ssize_t *length_p)
for (n = cmb; n < __CAP_MAXBITS; n++) {
if (getstateflags(caps, n) == t) {
char *this_cap_name = cap_to_name(n);
+ if (this_cap_name == NULL) {
+ return NULL;
+ }
if ((strlen(this_cap_name) + (p - buf)) > CAP_TEXT_SIZE) {
cap_free(this_cap_name);
errno = ERANGE;
@@ -554,6 +561,9 @@ char *cap_iab_to_text(cap_iab_t iab)
cap_iab_t cap_iab_from_text(const char *text)
{
cap_iab_t iab = cap_iab_init();
+ if (iab == NULL) {
+ return iab;
+ }
if (text != NULL) {
unsigned flags;
for (flags = 0; *text; text++) {
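Review bot: Style point on the added guard in cap_iab_from_text(): `return iab;` on the path where `iab` is known to be NULL reads as though a usable object might be returned. Writing `return NULL;` states the failure directly and matches the `return NULL;` used on the error path of cap_from_text() earlier in this file. A one-line comment noting that errno is left as set by cap_iab_init() would also help, if that is the intended contract. The function continues past the end of the hunk.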
diff --git a/libcap/execable.c b/libcap/execable.c
index be18914..5e7a88f 100644
--- a/libcap/execable.c
+++ b/libcap/execable.c
@@ -4,7 +4,7 @@
SO_MAIN(int argc, char **argv)
{
const char *cmd = "This library";
- if (argv != NULL) {
+ if (argv != NULL && argv[0] != NULL) {
cmd = argv[0];
}
printf("%s is the shared library version: " LIBRARY_VERSION ".\n"
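Review bot: The added `argv[0] != NULL` test has no comment explaining why a non-NULL `argv` is not sufficient. A process can be started with an empty argument vector, in which case `argv` is valid but `argv[0]` is NULL and would be handed to the `%s` conversion in the printf below. A comment such as `/* argv[0] may be NULL if exec'd with an empty argument vector */` above the condition would keep a later cleanup from removing the check. The printf call continues outside the hunk.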
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index 162e1f5..17ad83e 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -67,6 +67,9 @@ static int load_groups(const char *user, char ***groups, int *groups_n) {
}
*groups = calloc(ngrps, sizeof(char *));
+ if (*groups == NULL) {
+ return -1;
+ }
int g_n = 0, i;
for (i = 0; i < ngrps; i++) {
const struct group *g = getgrgid(grps[i]);
diff --git a/progs/capsh.c b/progs/capsh.c
index 50c2c99..42d9064 100644
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -101,7 +101,16 @@ static void display_current_iab(void)
char *text;
iab = cap_iab_get_proc();
+ if (iab == NULL) {
+ perror("failed to get IAB for process");
+ exit(1);
+ }
text = cap_iab_to_text(iab);
+ if (text == NULL) {
+ perror("failed to obtain text for IAB");
+ cap_free(iab);
+ exit(1);
+ }
printf("Current IAB: %s\n", text);
cap_free(text);
cap_free(iab);
@@ -436,6 +445,10 @@ int main(int argc, char *argv[], char *envp[])
child = 0;
char *temp_name = cap_to_name(cap_max_bits() - 1);
+ if (temp_name == NULL) {
+ perror("obtaining highest capability name");
+ exit(1);
+ }
if (temp_name[0] != 'c') {
printf("WARNING: libcap needs an update (cap=%d should have a name).\n",
cap_max_bits() - 1);
@@ -1014,6 +1027,10 @@ int main(int argc, char *argv[], char *envp[])
const char **lines = explanations[cap];
int j;
char *name = cap_to_name(cap);
+ if (name == NULL) {
+ perror("invalid named cap");
+ exit(1);
+ }
char *match = strcasestr(name, argv[i]+10);
cap_free(name);
if (match != NULL) {
diff --git a/progs/getcap.c b/progs/getcap.c
index eec733b..7df7f0e 100644
--- a/progs/getcap.c
+++ b/progs/getcap.c
@@ -110,11 +110,11 @@ int main(int argc, char **argv)
for (i=optind; argv[i] != NULL; i++) {
struct stat stbuf;
-
- if (lstat(argv[i], &stbuf) != 0) {
- fprintf(stderr, "%s (%s)\n", argv[i], strerror(errno));
+ char *arg = argv[i];
+ if (lstat(arg, &stbuf) != 0) {
+ fprintf(stderr, "%s (%s)\n", arg, strerror(errno));
} else if (recursive) {
- nftw(argv[i], do_getcap, 20, FTW_PHYS);
+ nftw(arg, do_getcap, 20, FTW_PHYS);
} else {
int tflag = S_ISREG(stbuf.st_mode) ? FTW_F :
(S_ISLNK(stbuf.st_mode) ? FTW_SL : FTW_NS);
diff --git a/progs/setcap.c b/progs/setcap.c
index 54260be..066e47f 100644
--- a/progs/setcap.c
+++ b/progs/setcap.c
@@ -167,9 +167,12 @@ int main(int argc, char **argv)
}
cap_on_file = cap_get_file(*++argv);
-
if (cap_on_file == NULL) {
cap_on_file = cap_from_text("=");
+ if (cap_on_file == NULL) {
+ perror("unable to use missing capability");
+ exit(1);
+ }
}
cmp = cap_compare(cap_on_file, cap_d);
@@ -252,6 +255,7 @@ int main(int argc, char **argv)
argv[0]);
exit(1);
}
+ /* FALLTHROUGH */
default:
fprintf(stderr,
"Failed to set capabilities on file '%s': %s\n",
diff --git a/psx/psx.c b/psx/psx.c
index 90dcc50..c317063 100644
--- a/psx/psx.c
+++ b/psx/psx.c
@@ -107,6 +107,10 @@ pthread_key_t psx_action_key;
*/
static void *psx_do_registration(void) {
registered_thread_t *node = calloc(1, sizeof(registered_thread_t));
+ if (node == NULL) {
+ perror("unable to register psx handler");
+ _exit(1);
+ }
pthread_mutex_init(&node->mu, NULL);
node->thread = pthread_self();
pthread_setspecific(psx_action_key, node);
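Review bot: The results of `pthread_mutex_init(&node->mu, NULL)` and `pthread_setspecific(psx_action_key, node)` are still ignored in psx_do_registration(), although the calloc() result is now checked. If pthread_setspecific() fails, the thread presumably runs without its registration record, which matters for a library whose purpose is keeping privilege state consistent across threads. Treating it like the allocation failure would be consistent: `if (pthread_setspecific(psx_action_key, node) != 0) { _exit(1); }`. The header comment should also state that this function terminates the process on failure, since callers of a library do not normally expect that. The rest of the function lies outside the hunk.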
diff --git a/tests/libcap_launch_test.c b/tests/libcap_launch_test.c
index f45b2b7..d1b3d40 100644
--- a/tests/libcap_launch_test.c
+++ b/tests/libcap_launch_test.c
@@ -40,7 +40,9 @@ struct test_case_s {
static int clean_out(void *data) {
cap_t empty;
empty = cap_init();
- cap_set_proc(empty);
+ if (cap_set_proc(empty) != 0) {
+ _exit(1);
+ }
cap_free(empty);
return 0;
}
@@ -121,12 +123,16 @@ int main(int argc, char **argv) {
int success = 1, i;
for (i=0; vs[i].pass_on != NO_MORE; i++) {
+ cap_launch_t attr;
const struct test_case_s *v = &vs[i];
printf("[%d] test should %s\n", i,
v->result || v->launch_abort ? "generate error" : "work");
- cap_launch_t attr;
if (v->args[0] != NULL) {
attr = cap_new_launcher(v->args[0], v->args, v->envp);
+ if (attr == NULL) {
+ perror("failed to obtain launcher");
+ exit(1);
+ }
if (v->callback_fn != NULL) {
cap_launcher_callback(attr, v->callback_fn);
}
diff --git a/tests/libcap_psx_test.c b/tests/libcap_psx_test.c
index 9f53f06..e473126 100644
--- a/tests/libcap_psx_test.c
+++ b/tests/libcap_psx_test.c
@@ -16,6 +16,10 @@ static void *thread_fork_exit(void *data) {
usleep(1234);
pid_t pid = fork();
cap_t start = cap_get_proc();
+ if (start == NULL) {
+ perror("FAILED: unable to start");
+ exit(1);
+ }
if (pid == 0) {
cap_set_proc(start);
exit(0);
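Review bot: In thread_fork_exit() the child branch still calls `cap_set_proc(start)` without looking at the result and then does `exit(0)`, so a failing set in the child is reported as success. This commit adds exactly that check to clean_out() in libcap_launch_test.c; the same pattern fits here: `if (cap_set_proc(start) != 0) { exit(1); }`. The parent-side `cap_set_proc(start)` in the following hunk (`@@ -27`) is unchecked in the same way. Whether the parent inspects the child's exit status is decided in lines outside this hunk.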
@@ -27,6 +31,7 @@ static void *thread_fork_exit(void *data) {
exit(1);
}
cap_set_proc(start);
+ cap_free(start);
return NULL;
}
@@ -35,6 +40,10 @@ int main(int argc, char **argv) {
printf("hello libcap and libpsx ");
fflush(stdout);
cap_t start = cap_get_proc();
+ if (start == NULL) {
+ perror("FAILED: to actually start");
+ exit(1);
+ }
pthread_t ignored[10];
for (i = 0; i < 10; i++) {
pthread_create(&ignored[i], NULL, thread_fork_exit, NULL);