diff --git a/lib/http2/hpack.c b/lib/http2/hpack.c index a99a94d0..dfab32af 100644 --- a/lib/http2/hpack.c +++ b/lib/http2/hpack.c @@ -88,15 +88,15 @@ +-------+-----------------------------+---------------+ */ -static const uint8_t static_hdr_len[] = { +static const uint8_t static_hdr_len[62] = { 0, /* starts at 1 */ - 10, 7, 7, 5, 5, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 14, 15, 15, 13, 6, 27, - 3, 5, 13, 13, 19, 16, 16, 14, 16, 13, - 12, 6, 4, 4, 6, 7, 4, 4, 8, 17, - 13, 8, 19, 13, 4, 8, 12, 18, 19, - 5, 7, 7, 11, 6, 10, 25, 17, 10, 4, - 3, 16 + 10, 7, 7, 5, 5, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 14, 15, 15, 13, 6, 27, + 3, 5, 13, 13, 19, 16, 16, 14, 16, 13, + 12, 6, 4, 4, 6, 7, 4, 4, 8, 17, + 13, 8, 19, 13, 4, 8, 12, 18, 19, 5, + 7, 7, 11, 6, 10, 25, 17, 10, 4, 3, + 16 }; static const unsigned char static_token[] = { diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h index f0568237..2d325075 100644 --- a/lib/private-libwebsockets.h +++ b/lib/private-libwebsockets.h @@ -27,6 +27,10 @@ #define _GNU_SOURCE #endif +#if defined(__COVERITY__) +typedef struct { long double x, y; } _Float128; +#endif + #ifdef LWS_HAVE_SYS_TYPES_H #include #endif diff --git a/lib/server/lws-spa.c b/lib/server/lws-spa.c index ee289466..2e8e20e0 100644 --- a/lib/server/lws-spa.c +++ b/lib/server/lws-spa.c @@ -333,6 +333,8 @@ retry_as_first: if (!strcmp(s->temp, "name")) { if (s->mp < (int)sizeof(s->name) - 1) s->name[s->mp++] = *in; + else + s->mp = (int)sizeof(s->name) - 1; s->name[s->mp] = '\0'; goto done; } diff --git a/lib/server/server.c b/lib/server/server.c index bb8d64ef..dd0ec645 100644 --- a/lib/server/server.c +++ b/lib/server/server.c @@ -2389,6 +2389,9 @@ lws_server_socket_service(struct lws_context *context, struct lws *wsi, goto try_pollout; } + if (len < 0) /* coverity */ + goto fail; + if (wsi->mode == LWSCM_RAW) { n = user_callback_handle_rxflow(wsi->protocol->callback, wsi, LWS_CALLBACK_RAW_RX, diff --git a/plugins/generic-sessions/protocol_lws_messageboard.c b/plugins/generic-sessions/protocol_lws_messageboard.c index 19b9f2a0..f8aef733 100644 --- a/plugins/generic-sessions/protocol_lws_messageboard.c +++ b/plugins/generic-sessions/protocol_lws_messageboard.c @@ -368,7 +368,9 @@ callback_messageboard(struct lws *wsi, enum lws_callback_reasons reason, default: passthru: - return vhd->gsp->callback(wsi, reason, pss ? pss->pss_gs : NULL, in, len); + if (!pss) + break; + return vhd->gsp->callback(wsi, reason, pss->pss_gs, in, len); } return 0; diff --git a/plugins/protocol_lws_mirror.c b/plugins/protocol_lws_mirror.c index e14c3c4e..90b5faa9 100644 --- a/plugins/protocol_lws_mirror.c +++ b/plugins/protocol_lws_mirror.c @@ -244,7 +244,7 @@ callback_lws_mirror(struct lws *wsi, enum lws_callback_reasons reason, mi->next = v->mi_list; v->mi_list = mi; - strcpy(mi->name, pn); + lws_snprintf(mi->name, sizeof(mi->name) - 1, "%s", pn); mi->rx_enabled = 1; lwsl_notice("Created new mi %p '%s'\n", mi, pn); diff --git a/plugins/ssh-base/sshd.c b/plugins/ssh-base/sshd.c index 9f1643bf..da4d4009 100644 --- a/plugins/ssh-base/sshd.c +++ b/plugins/ssh-base/sshd.c @@ -2104,6 +2104,8 @@ lws_callback_raw_sshd(struct lws *wsi, enum lws_callback_reasons reason, case LWS_CALLBACK_RAW_ADOPT: lwsl_info("LWS_CALLBACK_RAW_ADOPT\n"); + if (!vhd) + return -1; pss->next = vhd->live_pss_list; vhd->live_pss_list = pss; pss->parser_state = SSH_INITIALIZE_TRANSIENT; @@ -2129,6 +2131,8 @@ lws_callback_raw_sshd(struct lws *wsi, enum lws_callback_reasons reason, break; case LWS_CALLBACK_RAW_CLOSE: + if (!pss) + return -1; lwsl_info("LWS_CALLBACK_RAW_CLOSE\n"); lws_kex_destroy(pss); lws_ua_destroy(pss); @@ -2151,6 +2155,8 @@ lws_callback_raw_sshd(struct lws *wsi, enum lws_callback_reasons reason, break; case LWS_CALLBACK_RAW_RX: + if (!pss) + return -1; if (parse(pss, in, len)) return -1; break; @@ -2551,6 +2557,8 @@ bail: break; case LWS_CALLBACK_CGI_TERMINATED: + if (!pss) + break; if (pss->vhd && pss->vhd->ops && pss->vhd->ops->child_process_terminated) pss->vhd->ops->child_process_terminated(pss->ch_temp->priv,