Fix static analysis findings

stevegrubb · stevegrubb · commit 98d3b73db523 · 2026-01-27T15:09:56.000-05:00
diff --git a/audisp/plugins/filter/audisp-filter.c b/audisp/plugins/filter/audisp-filter.c
@@ -95,7 +95,9 @@ static void handle_event(auparse_state_t* au, auparse_cb_event_t cb_event_type,
 			hup = 0;
 			ausearch_clear(au);
 		}
-		ausearch_set_stop(au, AUSEARCH_STOP_EVENT);
+		if (ausearch_set_stop(au, AUSEARCH_STOP_EVENT))
+			return;	// impossible, doing this for static analysis
+
 		for (struct filter_rule *rule = list.head; rule;
 							rule = rule->next) {
 			int rc = ausearch_add_expression(au, rule->expr, &error,
diff --git a/audisp/plugins/remote/audisp-remote.c b/audisp/plugins/remote/audisp-remote.c
@@ -962,16 +962,17 @@ static int negotiate_credentials (void)
 	if (config.krb5_principal == NULL) {
 		const char *name = config.krb5_client_name ?
 					config.krb5_client_name : "auditd";
-		config.krb5_principal = (char *) malloc (strlen (name) + 1
-					+ strlen (config.remote_server) + 1);
-		sprintf((char *)config.krb5_principal, "%s@%s",
+		size_t length = strlen(name) + 1 +
+				strlen(config.remote_server) + 1;
+		config.krb5_principal = malloc(length);
+		snprintf(config.krb5_principal, length, "%s@%s",
 			name, config.remote_server);
 	}
-	slashptr = strchr (config.krb5_principal, '/');
+	slashptr = strchr(config.krb5_principal, '/');
 	if (slashptr)
 		*slashptr = '@';
 
-	name_buf.value = (char *)config.krb5_principal;
+	name_buf.value = config.krb5_principal;
 	name_buf.length = strlen(name_buf.value) + 1;
 	major_status = gss_import_name(&minor_status, &name_buf,
 			       (gss_OID) gss_nt_service_name, &service_name_e);
diff --git a/audisp/plugins/zos-remote/zos-remote-queue.c b/audisp/plugins/zos-remote/zos-remote-queue.c
@@ -98,7 +98,7 @@ BerElement *dequeue(void)
     /* Wait until its got something in it */
     pthread_mutex_lock(&queue_lock);
     n = q_last%q_depth;
-    if (q[n] == NULL) {
+    while (q[n] == NULL) {
         pthread_cond_wait(&queue_nonempty, &queue_lock);
         n = q_last%q_depth;
     }
diff --git a/auparse/interpret.c b/auparse/interpret.c
@@ -135,7 +135,7 @@
 typedef enum { AVC_UNSET, AVC_DENIED, AVC_GRANTED } avc_t;
 typedef enum { S_UNSET=-1, S_FAILED, S_SUCCESS } success_t;
 
-static char *print_escaped(const char *val);
+static char *print_escaped(char *val);
 static const char *print_signals(const char *val, unsigned int base);
 
 /*
@@ -145,7 +145,7 @@ static const char *print_signals(const char *val, unsigned int base);
 static unsigned char x2c(const unsigned char *buf)
 {
 	static const char AsciiArray[17] = "0123456789ABCDEF";
-	char *ptr;
+	const char *ptr;
 	unsigned char total=0;
 
 	ptr = strchr(AsciiArray, (char)toupper(buf[0]));
@@ -291,9 +291,9 @@ static void escape(const char *s, char *dest, unsigned int len,
 	}
 }
 
-static void key_escape(const char *orig, char *dest, auparse_esc_t escape_mode)
+static void key_escape(char *orig, char *dest, auparse_esc_t escape_mode)
 {
-	const char *optr = orig;
+	char *optr = orig;
 	char *str, *dptr = dest, tmp;
 	while (*optr) {
 		unsigned int klen, cnt;
@@ -904,7 +904,7 @@ static const char *print_exit(const char *val)
 	return strdup(val);
 }
 
-static char *print_escaped(const char *val)
+static char *print_escaped(char *val)
 {
 	char *out;
 
diff --git a/src/auditd-config.c b/src/auditd-config.c
@@ -1070,7 +1070,7 @@ const char *failure_action_to_str(unsigned int action)
 static int validate_email(const char *acct)
 {
 	int i, len;
-	char *ptr1;
+	const char *ptr1;
 
 	if (acct == NULL)
 		return 2;
@@ -1095,7 +1095,7 @@ static int validate_email(const char *acct)
 	}
 
 	if ((ptr1 = strchr(acct, '@'))) {
-		char *ptr2;
+		const char *ptr2;
 		int rc2;
 		struct addrinfo *ai;
 		struct addrinfo hints;
diff --git a/src/auditd-config.h b/src/auditd-config.h
@@ -90,7 +90,7 @@ struct daemon_conf
 	unsigned long tcp_client_max_port;
 	unsigned long tcp_client_max_idle;
 	int transport;
-	const char *krb5_principal;
+	char *krb5_principal;	// gssapi code inserts @ sometimes
 	const char *krb5_key_file;
 	int distribute_network_events;
 	// Dispatcher config
diff --git a/src/ausearch-lookup.c b/src/ausearch-lookup.c
@@ -284,7 +284,7 @@ static int is_hex_string(const char *str)
 static unsigned char x2c(unsigned char *buf)
 {
 	static const char AsciiArray[17] = "0123456789ABCDEF";
-	char *ptr;
+	const char *ptr;
 	unsigned char total=0;
 
 	ptr = strchr(AsciiArray, (char)toupper(buf[0]));

Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,7 @@ BerElement *dequeue(void)`
`98`	`98`	`/* Wait until its got something in it */`
`99`	`99`	`pthread_mutex_lock(&queue_lock);`
`100`	`100`	`n = q_last%q_depth;`
`101`		`- if (q[n] == NULL) {`
	`101`	`+ while (q[n] == NULL) {`
`102`	`102`	`pthread_cond_wait(&queue_nonempty, &queue_lock);`
`103`	`103`	`n = q_last%q_depth;`
`104`	`104`	`}`
Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@`
`135`	`135`	`typedef enum { AVC_UNSET, AVC_DENIED, AVC_GRANTED } avc_t;`
`136`	`136`	`typedef enum { S_UNSET=-1, S_FAILED, S_SUCCESS } success_t;`
`137`	`137`
`138`		`-static char print_escaped(const char val);`
	`138`	`+static char print_escaped(char val);`
`139`	`139`	`static const char print_signals(const char val, unsigned int base);`
`140`	`140`
`141`	`141`	`/*`
`@@ -145,7 +145,7 @@ static const char print_signals(const char val, unsigned int base);`
`145`	`145`	`static unsigned char x2c(const unsigned char *buf)`
`146`	`146`	`{`
`147`	`147`	`static const char AsciiArray[17] = "0123456789ABCDEF";`
`148`		`- char *ptr;`
	`148`	`+ const char *ptr;`
`149`	`149`	`unsigned char total=0;`
`150`	`150`
`151`	`151`	`ptr = strchr(AsciiArray, (char)toupper(buf[0]));`
`@@ -291,9 +291,9 @@ static void escape(const char s, char dest, unsigned int len,`
`291`	`291`	`}`
`292`	`292`	`}`
`293`	`293`
`294`		`-static void key_escape(const char orig, char dest, auparse_esc_t escape_mode)`
	`294`	`+static void key_escape(char orig, char dest, auparse_esc_t escape_mode)`
`295`	`295`	`{`
`296`		`- const char *optr = orig;`
	`296`	`+ char *optr = orig;`
`297`	`297`	`char str, dptr = dest, tmp;`
`298`	`298`	`while (*optr) {`
`299`	`299`	`unsigned int klen, cnt;`
`@@ -904,7 +904,7 @@ static const char print_exit(const char val)`
`904`	`904`	`return strdup(val);`
`905`	`905`	`}`
`906`	`906`
`907`		`-static char print_escaped(const char val)`
	`907`	`+static char print_escaped(char val)`
`908`	`908`	`{`
`909`	`909`	`char *out;`
`910`	`910`
Original file line number	Diff line number	Diff line change
`@@ -284,7 +284,7 @@ static int is_hex_string(const char *str)`
`284`	`284`	`static unsigned char x2c(unsigned char *buf)`
`285`	`285`	`{`
`286`	`286`	`static const char AsciiArray[17] = "0123456789ABCDEF";`
`287`		`- char *ptr;`
	`287`	`+ const char *ptr;`
`288`	`288`	`unsigned char total=0;`
`289`	`289`
`290`	`290`	`ptr = strchr(AsciiArray, (char)toupper(buf[0]));`