Merge remote-tracking branch 'origin/fastpath'

* origin/fastpath:
  Fix more Coverity-reported issues (introduced by internal error audit).
  Add check for sqlite3 command to tests that require it
  Fix misc. issues reported by Coverity.

CHANGES

@@ -1,4 +1,13 @@
 
+2.2-beta-73 | 2013-10-14 14:28:25 -0700
+
+  * Fix misc. Coverity-reported issues (leaks, potential null pointer
+    deref, dead code, uninitialized values,
+    time-of-check-time-of-use). (Jon Siwek)
+
+  * Add check for sqlite3 command to tests that require it. (Daniel
+    Thayer)
+
 2.2-beta-68 | 2013-10-14 09:26:09 -0700
 
   * Add check for curl command to active-http.test. (Daniel Thayer)

VERSION

@@ -1 +1 @@
-2.2-beta-68
+2.2-beta-73

aux/broccoli

@@ -1 +1 @@
-Subproject commit 2fe7408ed96b673f7d8bb273abd03d4786facfd2
+Subproject commit ea895c1d8d97f4202388dc528c4bb884558a75a1

src/FlowSrc.cc

@@ -14,8 +14,11 @@
 
 FlowSrc::FlowSrc()
 	{ // TODO: v9.
+	selectable_fd = -1;
 	idle = false;
 	data = 0;
+	pdu_len = -1;
+	exporter_ip = 0;
 	current_timestamp = next_timestamp = 0.0;
 	netflow_analyzer = new binpac::NetFlow::NetFlow_Analyzer();
 	}

src/Frag.cc

@@ -290,8 +290,11 @@ void FragReassembler::BlockInserted(DataBlock* /* start_block */)
 		}
 
 	else
+		{
 		reporter->InternalWarning("bad IP version in fragment reassembly: %d",
 		                          version);
+		delete [] pkt_start;
+		}
 	}
 
 void FragReassembler::Expire(double t)

src/PacketSort.cc

@@ -17,6 +17,9 @@ PacketSortElement::PacketSortElement(PktSrc* arg_src,
 
 	is_tcp = 0;
 	ip_hdr = 0;
+	tcp_flags = 0;
+	endp = 0;
+	payload_length = 0;
 	key = 0;
 
 	// Now check if it is a "parsable" TCP packet.

src/PersistenceSerializer.h

@@ -113,7 +113,8 @@ protected:
 			conns = 0;
 			conn_cookie = 0;
 			peer = SOURCE_LOCAL;
-			};
+			filename = 0;
+			}
 
 		Type type;
 		SerialInfo info;

src/PktSrc.cc

@@ -648,6 +648,7 @@ PktDumper::PktDumper(const char* arg_filename, bool arg_append)
 	is_error = false;
 	append = arg_append;
 	dumper = 0;
+	open_time = 0.0;
 
 	// We need a pcap_t with a reasonable link-layer type. We try to get it
 	// from the packet sources. If not available, we fall back to Ethernet.

src/PolicyFile.cc

@@ -86,6 +86,7 @@ bool LoadPolicyFileText(const char* policy_filename)
 		char buf[256];
 		strerror_r(errno, buf, sizeof(buf));
 		reporter->Error("fstat failed on %s: %s", policy_filename, buf);
+		fclose(f);
 		return false;
 		}
 

src/RemoteSerializer.cc

@@ -3321,6 +3321,9 @@ SocketComm::SocketComm()
 	id_counter = 10000;
 	parent_peer = 0;
 	parent_msgstate = TYPE;
+	parent_id = RemoteSerializer::PEER_NONE;
+	parent_msgtype = 0;
+	parent_args = 0;
 	shutting_conns_down = false;
 	terminating = false;
 	killing = false;

src/analyzer/protocol/login/NVT.cc

@@ -215,6 +215,7 @@ void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len)
 			{
 			reporter->AnalyzerError(endp,
 			  "option peer missing in TelnetAuthenticateOption::RecvSubOption");
+			return;
 			}
 
 		if ( ! peer->DidRequestAuthentication() )

src/analyzer/protocol/netflow/netflow-analyzer.pac

@@ -31,8 +31,11 @@ flow NetFlow_Flow {
 			internal_type("nf_v5_record")->AsRecordType();
 		nfheader_id_type =
 			internal_type("nfheader_id")->AsRecordType();
-		pdu_id = 0;
 		identifier = NULL;
+		exporter_ip = 0;
+		uptime = 0;
+		export_time = 0;
+		pdu_id = 0;
 	%}
 
 	# %cleanup does not only put the cleanup code into the destructor,

src/analyzer/protocol/pop3/POP3.cc

@@ -211,6 +211,7 @@ void POP3_Analyzer::ProcessRequest(int length, const char* line)
 		default:
 			reporter->AnalyzerError(this,
 			  "unexpected POP3 authorization state");
+			delete decoded;
 			return;
 		}
 

src/analyzer/protocol/smb/SMB.cc

@@ -743,23 +743,13 @@ int SMB_Session::ParseTransaction(int is_orig, int cmd,
 		return 0;
 	}
 
-	int ret;
+	if ( ! is_orig )
-	if ( is_orig )
+		return ParseTransactionResponse(cmd, hdr, body);
-		{
+
 	if ( cmd == SMB_COM_TRANSACTION || cmd == SMB_COM_TRANSACTION2 )
-			ret = ParseTransactionRequest(cmd, hdr, body);
+		return ParseTransactionRequest(cmd, hdr, body);
 
-		else if ( cmd == SMB_COM_TRANSACTION_SECONDARY ||
+	return ParseTransactionSecondaryRequest(cmd, hdr, body);
-		          cmd == SMB_COM_TRANSACTION2_SECONDARY )
-			ret = ParseTransactionSecondaryRequest(cmd, hdr, body);
-
-		else
-			ret = 0;
-		}
-	else
-		ret = ParseTransactionResponse(cmd, hdr, body);
-
-	return ret;
 	}
 
 int SMB_Session::ParseTransactionRequest(int cmd,

src/input/Manager.cc

@@ -1518,7 +1518,6 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
 			EnumVal* ev;
 			int startpos = 0;
 			Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos);
-			Ref(valval);
 
 			if ( updated )
 				ev = new EnumVal(BifEnum::Input::EVENT_CHANGED,
@@ -1529,7 +1528,10 @@ int Manager::PutTable(Stream* i, const Value* const *vals)
 
 			bool result;
 			if ( stream->num_val_fields > 0 ) // we have values
+				{
+				Ref(valval);
 				result = CallPred(stream->pred, 3, ev, predidx, valval);
+				}
 			else // no values
 				result = CallPred(stream->pred, 2, ev, predidx);
 

src/input/readers/Raw.cc

@@ -289,7 +289,8 @@ bool Raw::OpenInput()
 			return false;
 			}
 
-		fcntl(fileno(file),  F_SETFD, FD_CLOEXEC);
+		if ( ! SetFDFlags(fileno(file), F_SETFD, FD_CLOEXEC) )
+			Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str()));
 		}
 
 	return true;

src/util.cc

@@ -652,16 +652,8 @@ void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16])
 static bool read_random_seeds(const char* read_file, uint32* seed,
 				uint32* buf, int bufsiz)
 	{
-	struct stat st;
 	FILE* f = 0;
 
-	if ( stat(read_file, &st) < 0 )
-		{
-		reporter->Warning("Seed file '%s' does not exist: %s",
-				read_file, strerror(errno));
-		return false;
-		}
-
 	if ( ! (f = fopen(read_file, "r")) )
 		{
 		reporter->Warning("Could not open seed file '%s': %s",

testing/btest/scripts/base/frameworks/input/sqlite/basic.bro

@@ -1,6 +1,8 @@
 #
 # @TEST-GROUP: sqlite
 #
+# @TEST-REQUIRES: which sqlite3
+#
 # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10

testing/btest/scripts/base/frameworks/input/sqlite/error.bro

@@ -1,3 +1,5 @@
+# @TEST-REQUIRES: which sqlite3
+#
 # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite
 #
 # @TEST-GROUP: sqlite

testing/btest/scripts/base/frameworks/input/sqlite/port.bro

@@ -1,6 +1,8 @@
 #
 # @TEST-GROUP: sqlite
 #
+# @TEST-REQUIRES: which sqlite3
+#
 # @TEST-EXEC: cat port.sql | sqlite3 port.sqlite
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
 # @TEST-EXEC: btest-bg-wait 10

testing/btest/scripts/base/frameworks/input/sqlite/types.bro

@@ -1,3 +1,5 @@
+# @TEST-REQUIRES: which sqlite3
+#
 # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite
 #
 # @TEST-GROUP: sqlite

testing/btest/scripts/base/frameworks/logging/sqlite/error.bro

@@ -1,4 +1,5 @@
 #
+# @TEST-REQUIRES: which sqlite3
 # @TEST-REQUIRES: has-writer SQLite 
 # @TEST-GROUP: sqlite
 #

testing/btest/scripts/base/frameworks/logging/sqlite/types.bro

@@ -1,4 +1,5 @@
 #
+# @TEST-REQUIRES: which sqlite3
 # @TEST-REQUIRES: has-writer SQLite 
 # @TEST-GROUP: sqlite
 #

testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.bro

@@ -1,4 +1,5 @@
 #
+# @TEST-REQUIRES: which sqlite3
 # @TEST-REQUIRES: has-writer SQLite
 # @TEST-GROUP: sqlite
 #