clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name rstatd.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/libexec/rpc.rstatd/obj -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/libexec/rpc.rstatd/../../usr.bin/vmstat -D NOKVM -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/libexec/rpc.rstatd/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/libexec/rpc.rstatd/rstatd.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | #include <sys/types.h> |
32 | #include <sys/socket.h> |
33 | #include <stdio.h> |
34 | #include <stdlib.h> |
35 | #include <string.h> |
36 | #include <unistd.h> |
37 | #include <limits.h> |
38 | #include <signal.h> |
39 | #include <pwd.h> |
40 | #include <syslog.h> |
41 | #include <errno.h> |
42 | #include <rpc/rpc.h> |
43 | #include <rpcsvc/rstat.h> |
44 | |
45 | extern void rstat_service(struct svc_req *, SVCXPRT *); |
46 | |
47 | void my_svc_run(void); |
48 | |
49 | int from_inetd = 1; |
50 | int closedown = 20; |
51 | |
52 | volatile sig_atomic_t gotsig; |
53 | |
54 | static void |
55 | getsig(int signo) |
56 | { |
57 | gotsig = 1; |
58 | } |
59 | |
60 | |
61 | int |
62 | main(int argc, char *argv[]) |
63 | { |
64 | int sock = 0, proto = 0; |
65 | socklen_t fromlen; |
66 | struct passwd *pw; |
67 | struct sockaddr_storage from; |
68 | SVCXPRT *transp; |
69 | |
70 | openlog("rpc.rstatd", LOG_NDELAY|LOG_CONS|LOG_PID, LOG_DAEMON); |
71 | |
72 | if ((pw = getpwnam("_rstatd")) == NULL) { |
| 1 | Assuming the condition is false | |
|
| |
73 | syslog(LOG_ERR, "no such user _rstatd"); |
74 | exit(1); |
75 | } |
76 | if (chroot("/var/empty") == -1) { |
| 3 | | Assuming the condition is false | |
|
| |
77 | syslog(LOG_ERR, "cannot chdir to /var/empty."); |
78 | exit(1); |
79 | } |
80 | chdir("/"); |
81 | |
82 | setgroups(1, &pw->pw_gid); |
83 | setegid(pw->pw_gid); |
84 | setgid(pw->pw_gid); |
85 | seteuid(pw->pw_uid); |
86 | setuid(pw->pw_uid); |
87 | |
88 | if (argc == 2) |
| 5 | | Assuming 'argc' is not equal to 2 | |
|
| |
89 | closedown = strtonum(argv[1], 1, INT_MAX, NULL); |
90 | if (closedown == 0) |
| |
91 | closedown = 20; |
92 | |
93 | |
94 | |
95 | |
96 | fromlen = sizeof(from); |
97 | if (getsockname(0, (struct sockaddr *)&from, &fromlen) == -1) { |
| 8 | | Assuming the condition is false | |
|
| |
98 | from_inetd = 0; |
99 | sock = RPC_ANYSOCK; |
100 | proto = IPPROTO_UDP; |
101 | } |
102 | |
103 | if (!from_inetd) { |
| |
104 | daemon(0, 0); |
105 | |
106 | (void)pmap_unset(RSTATPROG, RSTATVERS_TIME); |
107 | (void)pmap_unset(RSTATPROG, RSTATVERS_SWTCH); |
108 | (void)pmap_unset(RSTATPROG, RSTATVERS_ORIG); |
109 | |
110 | (void) signal(SIGINT, getsig); |
111 | (void) signal(SIGTERM, getsig); |
112 | (void) signal(SIGHUP, getsig); |
113 | } |
114 | |
115 | transp = svcudp_create(sock); |
116 | if (transp == NULL) { |
| 11 | | Assuming 'transp' is not equal to NULL | |
|
| |
117 | syslog(LOG_ERR, "cannot create udp service."); |
118 | exit(1); |
119 | } |
120 | if (!svc_register(transp, RSTATPROG, RSTATVERS_TIME, rstat_service, proto)) { |
| 13 | | Assuming the condition is false | |
|
| |
121 | syslog(LOG_ERR, "unable to register (RSTATPROG, RSTATVERS_TIME, udp)."); |
122 | exit(1); |
123 | } |
124 | if (!svc_register(transp, RSTATPROG, RSTATVERS_SWTCH, rstat_service, proto)) { |
| 15 | | Assuming the condition is false | |
|
| |
125 | syslog(LOG_ERR, "unable to register (RSTATPROG, RSTATVERS_SWTCH, udp)."); |
126 | exit(1); |
127 | } |
128 | if (!svc_register(transp, RSTATPROG, RSTATVERS_ORIG, rstat_service, proto)) { |
| 17 | | Assuming the condition is false | |
|
| |
129 | syslog(LOG_ERR, "unable to register (RSTATPROG, RSTATVERS_ORIG, udp)."); |
130 | exit(1); |
131 | } |
132 | |
133 | my_svc_run(); |
| |
134 | syslog(LOG_ERR, "svc_run returned"); |
135 | exit(1); |
136 | } |
137 | |
138 | void |
139 | my_svc_run(void) |
140 | { |
141 | extern volatile sig_atomic_t wantupdatestat; |
142 | extern void updatestat(void); |
143 | struct pollfd *pfd = NULL, *newp; |
| 20 | | 'pfd' initialized to a null pointer value | |
|
144 | int nready, saved_max_pollfd = 0; |
145 | |
146 | for (;;) { |
| 21 | | Loop condition is true. Entering loop body | |
|
147 | if (wantupdatestat) { |
| 22 | | Assuming 'wantupdatestat' is 0 | |
|
| |
148 | wantupdatestat = 0; |
149 | updatestat(); |
150 | } |
151 | if (gotsig) { |
| |
| |
152 | (void) pmap_unset(RSTATPROG, RSTATVERS_TIME); |
153 | (void) pmap_unset(RSTATPROG, RSTATVERS_SWTCH); |
154 | (void) pmap_unset(RSTATPROG, RSTATVERS_ORIG); |
155 | exit(0); |
156 | } |
157 | if (svc_max_pollfd > saved_max_pollfd) { |
| 26 | | Assuming 'svc_max_pollfd' is <= 'saved_max_pollfd' | |
|
| |
158 | newp = reallocarray(pfd, svc_max_pollfd, sizeof(*pfd)); |
159 | if (newp == NULL) { |
160 | free(pfd); |
161 | perror("svc_run: - realloc failed"); |
162 | return; |
163 | } |
164 | pfd = newp; |
165 | saved_max_pollfd = svc_max_pollfd; |
166 | } |
167 | memcpy(pfd, svc_pollfd, svc_max_pollfd * sizeof(*pfd)); |
| 28 | | Null pointer passed as 1st argument to memory copy function |
|
168 | |
169 | nready = poll(pfd, svc_max_pollfd, INFTIM); |
170 | switch (nready) { |
171 | case -1: |
172 | if (errno == EINTR) |
173 | continue; |
174 | perror("svc_run: - poll failed"); |
175 | free(pfd); |
176 | return; |
177 | case 0: |
178 | continue; |
179 | default: |
180 | svc_getreq_poll(pfd, nready); |
181 | } |
182 | } |
183 | } |