diff -up ypserv-2.24/lib/pidfile.c.staticanal ypserv-2.24/lib/pidfile.c
--- ypserv-2.24/lib/pidfile.c.staticanal 2010-02-23 14:44:55.000000000 +0100
+++ ypserv-2.24/lib/pidfile.c 2011-03-30 15:07:59.603016625 +0200
@@ -40,6 +40,7 @@ create_pidfile (const char *filename, co
log_msg ("cannot create pidfile %s", filename);
if (debug_flag)
log_msg ("\n");
+ return;
}
lock.l_type = F_WRLCK;
diff -up ypserv-2.24/lib/yp_db.c.staticanal ypserv-2.24/lib/yp_db.c
--- ypserv-2.24/lib/yp_db.c.staticanal 2009-04-02 13:35:16.000000000 +0200
+++ ypserv-2.24/lib/yp_db.c 2011-03-30 15:07:59.604016623 +0200
@@ -56,6 +56,7 @@ _db_open (const char *domain, const char
dbp = gdbm_open (buf, 0, GDBM_READER, 0, NULL);
+ /* This is a deadcode, because gdbm_cache_value is always negative */
if (dbp && gdbm_cache_value >= 0)
gdbm_setopt(dbp, GDBM_CACHESIZE, &gdbm_cache_value, sizeof(int));
diff -up ypserv-2.24/lib/ypserv_conf.c.staticanal ypserv-2.24/lib/ypserv_conf.c
--- ypserv-2.24/lib/ypserv_conf.c.staticanal 2008-04-15 15:04:47.000000000 +0200
+++ ypserv-2.24/lib/ypserv_conf.c 2011-03-30 15:07:59.605016621 +0200
@@ -64,7 +64,7 @@ getipnr (char *n, char *network, char *n
m = strtok (n, "/");
- sscanf (m, "%s", buf);
+ sscanf (m, "%19s", buf);
for (i = 0; i < strlen (buf); i++)
if ((buf[i] < '0' || buf[i] > '9') && buf[i] != '.')
@@ -172,7 +172,7 @@ load_ypserv_conf (const char *path)
{
FILE *in;
char c, *cp;
- char buf1[1025], buf2[1025], buf3[1025];
+ char buf1[1025], buf2[1025]="", buf3[1025];
long line = 0;
conffile_t *ptr = NULL, *work = NULL;
char *filename = alloca (strlen (path) + sizeof ("/ypserv.conf") + 1);
diff -up ypserv-2.24/makedbm/makedbm.c.staticanal ypserv-2.24/makedbm/makedbm.c
--- ypserv-2.24/makedbm/makedbm.c.staticanal 2006-01-10 20:22:20.000000000 +0100
+++ ypserv-2.24/makedbm/makedbm.c 2011-03-30 15:07:59.608016615 +0200
@@ -458,6 +458,9 @@ create_file (char *fileName, char *dbmNa
rename (filename, dbmName);
#endif
free (filename);
+
+ if (strcmp (fileName, "-"))
+ fclose(input);
}
static void
diff -up ypserv-2.24/revnetgroup/getnetgrent.c.staticanal ypserv-2.24/revnetgroup/getnetgrent.c
--- ypserv-2.24/revnetgroup/getnetgrent.c.staticanal 2005-05-31 15:36:47.000000000 +0200
+++ ypserv-2.24/revnetgroup/getnetgrent.c 2011-03-30 15:07:59.609016613 +0200
@@ -243,6 +243,8 @@ rev_parse_entry (char *start, char *end,
list->list = malloc (10 * sizeof (struct netgrentry));
if (NULL != list->list)
list->maxmembers = 10;
+ else
+ return;
}
if (list->members == list->maxmembers)
diff -up ypserv-2.24/rpc.yppasswdd/update.c.staticanal ypserv-2.24/rpc.yppasswdd/update.c
--- ypserv-2.24/rpc.yppasswdd/update.c.staticanal 2010-09-24 11:44:20.000000000 +0200
+++ ypserv-2.24/rpc.yppasswdd/update.c 2011-03-30 15:07:59.610016611 +0200
@@ -433,6 +433,7 @@ update_files (yppasswd *yppw, char *logb
log_msg ("%s failed", logbuf);
log_msg ("Can't stat %s: %m", path_shadow);
fclose (oldpf);
+ fclose (newpf);
fclose (oldsf);
return 1;
}
diff -up ypserv-2.24/rpc.yppasswdd/yppasswdd.c.staticanal ypserv-2.24/rpc.yppasswdd/yppasswdd.c
--- ypserv-2.24/rpc.yppasswdd/yppasswdd.c.staticanal 2011-03-30 15:07:59.587016657 +0200
+++ ypserv-2.24/rpc.yppasswdd/yppasswdd.c 2011-03-30 15:07:59.612016607 +0200
@@ -378,6 +378,12 @@ main (int argc, char **argv)
}
umask(0);
i = open("/dev/null", O_RDWR);
+ if (i == -1)
+ {
+ int err = errno;
+ log_msg ("rpc.yppasswdd: open /dev/null failed: %s\n", strerror (err));
+ exit (err);
+ }
if (dup(i) == -1)
{
int err = errno;
diff -up ypserv-2.24/yphelper/yphelper.c.staticanal ypserv-2.24/yphelper/yphelper.c
--- ypserv-2.24/yphelper/yphelper.c.staticanal 2005-05-31 11:14:40.000000000 +0200
+++ ypserv-2.24/yphelper/yphelper.c 2011-03-30 15:07:59.613016605 +0200
@@ -539,7 +539,7 @@ is_master (char *map, char *domain, char
#if USE_FQDN
struct hostent *hp = NULL;
#endif
- char *hostname, *domainname;
+ char *hostname, *domainname, *val;
int ret;
if (domain != NULL)
@@ -580,11 +580,14 @@ is_master (char *map, char *domain, char
#endif
if (strcasecmp (hostname,
- get_dbm_entry ("YP_MASTER_NAME", map, domainname)) == 0)
+ (val = get_dbm_entry ("YP_MASTER_NAME", map, domainname))) == 0)
ret = 0;
else
ret = 1;
+ if (val)
+ free(val);
+
free(hostname);
exit (ret);
}
diff -up ypserv-2.24/ypserv/server.c.staticanal ypserv-2.24/ypserv/server.c
--- ypserv-2.24/ypserv/server.c.staticanal 2011-03-30 16:39:52.110206471 +0200
+++ ypserv-2.24/ypserv/server.c 2011-03-30 16:41:01.565147875 +0200
@@ -636,6 +636,12 @@ ypproc_xfr_2_svc (ypreq_xfr *argp, ypres
umask (0);
i = open ("/dev/null", O_RDWR);
+ if (i == -1)
+ {
+ int err = errno;
+ log_msg ("ypxfr execl(): %s", strerror (err));
+ exit (err);
+ }
if (dup (i) == -1)
{
int err = errno;
@@ -828,6 +834,7 @@ ypproc_all_2_svc (ypreq_nokey *argp, ypr
if (debug_flag)
log_msg ("\t-> Ignored (not a valid domain)");
result->ypresp_all_u.val.stat = YP_NODOM;
+ break;
case -4:
if (debug_flag)
log_msg ("\t-> Ignored (map does not exist)");
diff -up ypserv-2.24/ypserv/ypserv.c.staticanal ypserv-2.24/ypserv/ypserv.c
--- ypserv-2.24/ypserv/ypserv.c.staticanal 2011-03-30 15:07:59.591016649 +0200
+++ ypserv-2.24/ypserv/ypserv.c 2011-03-30 15:07:59.615016601 +0200
@@ -417,6 +417,11 @@ main (int argc, char **argv)
umask (0);
i = open ("/dev/null", O_RDWR);
+ if (i == -1)
+ {
+ log_msg ("opening /dev/null failed: %s\n", strerror (errno));
+ exit (1);
+ }
if (dup (i) == -1)
{
log_msg ("dup failed: %s\n", strerror (errno));
diff -up ypserv-2.24/ypxfr/ypxfr.c.staticanal ypserv-2.24/ypxfr/ypxfr.c
--- ypserv-2.24/ypxfr/ypxfr.c.staticanal 2011-03-30 15:07:59.584016663 +0200
+++ ypserv-2.24/ypxfr/ypxfr.c 2011-03-30 15:07:59.617016597 +0200
@@ -837,7 +837,11 @@ main (int argc, char **argv)
if (target_domain == NULL)
{
- yp_get_default_domain (&target_domain);
+ if (yp_get_default_domain (&target_domain) != 0)
+ {
+ log_msg ("Cannot get default domain");
+ exit (1);
+ }
if (target_domain == NULL)
{