Fix read through uninit in forked libcoap 03/22303/2
author: Mats Wichmann <mats@linux.com>
Fri, 1 Sep 2017 16:42:23 +0000 (10:42 -0600)
committer: Mats Wichmann <mats@linux.com>
Wed, 18 Oct 2017 15:24:16 +0000 (15:24 +0000)
In the forked libcoap, in coap_new_context, a context type
is allocated, then, if no address was passed, the code tries to free
it back up and quits.  This makes no sense: if we know we
can't proceed without listen_addr, check for that up front,
before allocations.  In the existing code, coap_free_context(c)
would cause the fields of c to be used during the freeing
process, but they've never been set up.

Coverity:
5. uninit_use_in_call: Using uninitialized value c->resources when calling coap_free_context.
6. uninit_use_in_call: Using uninitialized value c->sendqueue when calling coap_free_context.
7. uninit_use_in_call: Using uninitialized value c->recvqueue when calling coap_free_context.
CID 1379688: Uninitialized pointer read (UNINIT)
8. uninit_use_in_call: Using uninitialized value c->sockfd when calling coap_free_context.

Upstream doesn't look like this at all any more, so there's
really nothing to upstream on this one.

Change-Id: Ifee6acf0d8547c39c55140f92d397390a957ed50
Signed-off-by: Mats Wichmann <mats@linux.com>
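A constructed model of the ordering this commit adopts, added here for illustration and not libcoap's own code: `ctx_t`, `free_context()` and `new_context()` are stand-ins for `coap_context_t`, `coap_free_context()` and `coap_new_context()`, with only the fields the Coverity report names.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for libcoap's coap_context_t: only the fields the
 * Coverity report names, not the real struct. */
typedef struct {
    void *resources;
    void *sendqueue;
    void *recvqueue;
    int   sockfd;
} ctx_t;
/* Stand-in for coap_free_context(): like the real one it assumes every
 * field holds a valid value, so calling it on a freshly allocated, never
 * initialised context reads indeterminate memory. */
static void free_context(ctx_t *c)
{
    if (!c) return;
    free(c->resources);   /* with garbage here: free() of a wild pointer */
    free(c->sendqueue);
    free(c->recvqueue);
    if (c->sockfd >= 0)   /* with garbage here: close() of a random fd */
        printf("close(%d)\n", c->sockfd);
    free(c);
}

/* Ordering adopted by the patch: reject a missing listen address before
 * anything is allocated, so the error path never hands free_context() a
 * context whose fields were never set up. */
ctx_t *new_context(const char *listen_addr)
{
    if (!listen_addr) {
        fprintf(stderr, "no listen address specified\n");
        return NULL;
    }
    ctx_t *c = malloc(sizeof *c);
    if (!c) return NULL;
    c->resources = c->sendqueue = c->recvqueue = NULL;  /* set before any   */
    c->sockfd = -1;                                     /* later early exit */
    return c;
}
/* Returns 1 when a NULL address is rejected without allocation and a valid
 * context round-trips through new_context()/free_context() cleanly. */
int demo(void)
{
    if (new_context(NULL) != NULL) return 0;
    ctx_t *c = new_context("[::]:5683");  /* constructed sample address */
    if (!c || c->sockfd != -1 || c->resources) { free_context(c); return 0; }
    free_context(c);
    return 1;
}
```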
resource/csdk/connectivity/lib/libcoap-4.1.1/net.c

index d40388f..f44a206 100644
@@ -330,6 +330,12 @@ is_wkc(coap_key_t k)
 coap_context_t *
 coap_new_context(const coap_address_t *listen_addr)
 {
+    if (!listen_addr)
+    {
+        coap_log(LOG_EMERG, "no listen address specified\n");
+        return NULL;
+    }
+
 #if defined(WITH_POSIX) || defined(_WIN32)
     coap_context_t *c = coap_malloc( sizeof( coap_context_t ) );
     int reuse = 1;
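Review bot: the new guard at the top of coap_new_context is the right ordering, but nothing records why it must stay ahead of the coap_malloc/memp_malloc calls that follow; a one-line comment such as `/* must precede allocation: coap_free_context() reads fields not yet set */` would stop a later refactor from moving it back down. Since coap_free_context() still depends on initialised fields, consider also zeroing `c` right after allocation (e.g. `memset(c, 0, sizeof(*c))`) so that any future early return between allocation and field setup cannot reintroduce the Coverity UNINIT finding.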
@@ -342,16 +348,6 @@ coap_new_context(const coap_address_t *listen_addr)
 #elif WITH_LWIP
     coap_context_t *c = memp_malloc(MEMP_COAP_CONTEXT);
 #endif /* WITH_POSIX */
-    if (!listen_addr)
-    {
-        coap_log(LOG_EMERG, "no listen address specified\n");
-#if defined(WITH_POSIX)
-        coap_free_context(c);
-#elif WITH_LWIP
-        memp_free(c);
-#endif
-        return NULL;
-    }
 
     coap_clock_init();
 #ifdef WITH_LWIP
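Review bot: the removed error path had a second defect worth recording in the commit message: the allocation above it is guarded by `defined(WITH_POSIX) || defined(_WIN32)`, but the release was guarded by `defined(WITH_POSIX)` alone, so a `_WIN32` build that reached this branch freed `c` through neither coap_free_context() nor memp_free() and leaked it. Moving the check ahead of allocation removes that leak as well as the uninitialised read.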