From 7e841130e03a35133585e6e165860fbb90d4904b Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Mon, 10 Jan 2022 15:33:14 +0000
Subject: [PATCH] coverity fixes

---
 lib/core-net/client/connect3.c                        |  6 +++++-
 lib/core-net/route.c                                  |  2 ++
 lib/tls/tls.c                                         | 11 +++++------
 .../api-tests/api-test-dhcpc/main.c                   |  4 ++++
 .../minimal-ws-client-spam-tx-rx/minimal-ws-client.c  |  7 ++++++-
 plugins/ssh-base/sshd.c                               |  2 +-
 6 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/lib/core-net/client/connect3.c b/lib/core-net/client/connect3.c
index adca633c8..572252795 100644
--- a/lib/core-net/client/connect3.c
+++ b/lib/core-net/client/connect3.c
@@ -191,6 +191,10 @@ lws_client_connect_3_connect(struct lws *wsi, const char *ads,
 		result = NULL;
 	}
 
+#if defined(LWS_WITH_UNIX_SOCK)
+	memset(&sau, 0, sizeof(sau));
+#endif
+
 	/*
 	 * async dns calls back here for everybody who cares when it gets a
 	 * result... but if we are piggybacking, we do not want to connect
@@ -254,10 +258,10 @@ lws_client_connect_3_connect(struct lws *wsi, const char *ads,
 	}
 
 #if defined(LWS_WITH_UNIX_SOCK)
+
 	if (ads && *ads == '+') {
 		ads++;
 		memset(&wsi->sa46_peer, 0, sizeof(wsi->sa46_peer));
-		memset(&sau, 0, sizeof(sau));
 		af = sau.sun_family = AF_UNIX;
 		strncpy(sau.sun_path, ads, sizeof(sau.sun_path));
 		sau.sun_path[sizeof(sau.sun_path) - 1] = '\0';
diff --git a/lib/core-net/route.c b/lib/core-net/route.c
index 917443720..2a8515216 100644
--- a/lib/core-net/route.c
+++ b/lib/core-net/route.c
@@ -39,6 +39,8 @@ _lws_routing_entry_dump(struct lws_context *cx, lws_route_t *rou)
 {
 	char sa[48], fin[192], *end = &fin[sizeof(fin)];
 
+	fin[0] = '\0';
+
 	if (rou->dest.sa4.sin_family) {
 		lws_sa46_write_numeric_address(&rou->dest, sa, sizeof(sa));
 		lws_snprintf(fin, lws_ptr_diff_size_t(end, fin),
diff --git a/lib/tls/tls.c b/lib/tls/tls.c
index b5b43859f..29a7a5d5d 100644
--- a/lib/tls/tls.c
+++ b/lib/tls/tls.c
@@ -377,7 +377,6 @@ lws_tls_alloc_pem_to_der_file(struct lws_context *context, const char *filename,
 		p++;
 
 	if (*p != '-') {
-		lwsl_err("b\n");
 		goto bail;
 	}
 
@@ -385,7 +384,6 @@ lws_tls_alloc_pem_to_der_file(struct lws_context *context, const char *filename,
 		p++;
 
 	if (p >= end) {
-		lwsl_err("c\n");
 		goto bail;
 	}
 
@@ -398,10 +396,8 @@ lws_tls_alloc_pem_to_der_file(struct lws_context *context, const char *filename,
 	while (q > opem && *q != '\n')
 		q--;
 
-	if (*q != '\n') {
-		lwsl_err("d\n");
+	if (*q != '\n')
 		goto bail;
-	}
 
 	/* we can't write into the input buffer for mem, since it may be in RO
 	 * const segment
@@ -409,7 +405,10 @@ lws_tls_alloc_pem_to_der_file(struct lws_context *context, const char *filename,
 	if (filename)
 		*q = '\0';
 
-	*amount = (unsigned int)lws_b64_decode_string_len((char *)p, lws_ptr_diff(q, p),
+	n = lws_ptr_diff(q, p);
+	if (n == -1) /* coverity */
+		goto bail;
+	*amount = (unsigned int)lws_b64_decode_string_len((char *)p, n,
 					    (char *)pem, (int)(long long)len);
 	*buf = (uint8_t *)pem;
 
diff --git a/minimal-examples-lowlevel/api-tests/api-test-dhcpc/main.c b/minimal-examples-lowlevel/api-tests/api-test-dhcpc/main.c
index 3914f4397..b0dccbb33 100644
--- a/minimal-examples-lowlevel/api-tests/api-test-dhcpc/main.c
+++ b/minimal-examples-lowlevel/api-tests/api-test-dhcpc/main.c
@@ -52,7 +52,9 @@ int
 main(int argc, const char **argv)
 {
 	struct lws_context_creation_info info;
+#if !defined(__COVERITY__)
 	const char *p;
+#endif
 	int n = 1;
 
 	signal(SIGINT, sigint_handler);
@@ -64,8 +66,10 @@ main(int argc, const char **argv)
 	info.port = CONTEXT_PORT_NO_LISTEN;
 	info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
 
+#if !defined(__COVERITY__)
 	if ((p = lws_cmdline_option(argc, argv, "-i")))
 		nif = p;
+#endif
 
 	context = lws_create_context(&info);
 	if (!context) {
diff --git a/minimal-examples-lowlevel/ws-client/minimal-ws-client-spam-tx-rx/minimal-ws-client.c b/minimal-examples-lowlevel/ws-client/minimal-ws-client-spam-tx-rx/minimal-ws-client.c
index f655b229e..dd38b17ec 100644
--- a/minimal-examples-lowlevel/ws-client/minimal-ws-client-spam-tx-rx/minimal-ws-client.c
+++ b/minimal-examples-lowlevel/ws-client/minimal-ws-client-spam-tx-rx/minimal-ws-client.c
@@ -180,13 +180,18 @@ int main(int argc, const char **argv)
 				LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK;
 	}
 
-	if ((p = lws_cmdline_option(argc, argv, "-p")))
+	if ((p = lws_cmdline_option(argc, argv, "-p"))) {
 		port = atoi(p);
+		if (port > 65535 || port < 0)
+			return 1;
+	}
 
 	if ((p = lws_cmdline_option(argc, argv, "-n"))) {
 		n = atoi(p);
 		if (n < 1)
 			n = 1;
+		if (n > LWS_MAX_SMP)
+			n = LWS_MAX_SMP;
 		if (n < nclients)
 			nclients = n;
 		lwsl_notice("Start test clients: %d\n", nclients);
diff --git a/plugins/ssh-base/sshd.c b/plugins/ssh-base/sshd.c
index 701548d48..ef735fdf6 100644
--- a/plugins/ssh-base/sshd.c
+++ b/plugins/ssh-base/sshd.c
@@ -2089,7 +2089,7 @@ lws_callback_raw_sshd(struct lws *wsi, enum lws_callback_reasons reason,
 
         case LWS_CALLBACK_RAW_ADOPT:
 		lwsl_info("LWS_CALLBACK_RAW_ADOPT\n");
-		if (!vhd)
+		if (!vhd || !pss)
 			return -1;
 		pss->next = vhd->live_pss_list;
 		vhd->live_pss_list = pss;