From 05284392db547f4d7860919d618438b3815cd8aa Mon Sep 17 00:00:00 2001 From: Jonathan Dieter Date: Mon, 18 Apr 2022 17:37:19 +0100 Subject: [PATCH] Various fixes to make Coverity happy The single high severity issue was only triggerable if we were unable to allocate memory and involved a memory leak. The other issues all revolve around issues like making sure we check return values of functions we call. Signed-off-by: Jonathan Dieter --- src/lib/dl/multipart.c | 5 ++-- src/lib/hash/hash.c | 5 +++- src/lib/header.c | 8 ++++++- src/zck_dl.c | 52 ++++++++++++++++++++++++++++++++---------- 4 files changed, 54 insertions(+), 16 deletions(-) diff --git a/src/lib/dl/multipart.c b/src/lib/dl/multipart.c index d0cbd5a..380e451 100644 --- a/src/lib/dl/multipart.c +++ b/src/lib/dl/multipart.c @@ -169,8 +169,9 @@ size_t multipart_extract(zckDL *dl, char *b, size_t l) { if(size > 0) { mp->buffer = zmalloc(size); if (!mp->buffer) { - zck_log(ZCK_LOG_ERROR, "OOM in %s", __func__); - return 0; + free(buf); + zck_log(ZCK_LOG_ERROR, "OOM in %s", __func__); + return 0; } memcpy(mp->buffer, header_start, size); mp->buffer_len = size; diff --git a/src/lib/hash/hash.c b/src/lib/hash/hash.c index f0ebc6f..b40f1a2 100644 --- a/src/lib/hash/hash.c +++ b/src/lib/hash/hash.c @@ -165,7 +165,10 @@ char *get_digest_string(const char *digest, int size) { return NULL; } for(int i=0; ihash_type)); return false; } + if(header_length > SIZE_MAX) { + free(header); + set_error(zck, "Header length of %li invalid", header_length); + hash_reset(&(zck->hash_type)); + return false; + } zck->header_length = header_length; /* Set header digest location */ diff --git a/src/zck_dl.c b/src/zck_dl.c index 7b2f770..2e6917c 100644 --- a/src/zck_dl.c +++ b/src/zck_dl.c 
@@ -165,16 +165,41 @@ int dl_range(dlCtx *dl_ctx, char *url, char *range, int is_chunk) {
 CURL *curl = dl_ctx->curl;
 CURLcode res;
- curl_easy_setopt(curl, CURLOPT_URL, url);
- curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
- curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, dl_header_cb);
- curl_easy_setopt(curl, CURLOPT_HEADERDATA, dl_ctx);
- if(is_chunk)
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, zck_write_chunk_cb);
- else
- curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, zck_write_zck_header_cb);
- curl_easy_setopt(curl, CURLOPT_WRITEDATA, dl_ctx->dl);
- curl_easy_setopt(curl, CURLOPT_RANGE, range);
+ if(curl_easy_setopt(curl, CURLOPT_URL, url) != CURLE_OK) {
+ LOG_ERROR("Unable to set URL\n");
+ return 0;
+ }
+ if(curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L) != CURLE_OK) {
+ LOG_ERROR("Unable to enable option to follow redirects\n");
+ return 0;
+ }
+ if(curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, dl_header_cb) != CURLE_OK) {
+ LOG_ERROR("Unable to set header callback\n");
+ return 0;
+ }
+ if(curl_easy_setopt(curl, CURLOPT_HEADERDATA, dl_ctx) != CURLE_OK) {
+ LOG_ERROR("Unable to set header callback data\n");
+ return 0;
+ }
+ if(is_chunk) {
+ if(curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, zck_write_chunk_cb) != CURLE_OK) {
+ LOG_ERROR("Unable to set write callback\n");
+ return 0;
+ }
+ } else {
+ if(curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, zck_write_zck_header_cb) != CURLE_OK) {
+ LOG_ERROR("Unable to set write callback\n");
+ return 0;
+ }
+ }
+ if(curl_easy_setopt(curl, CURLOPT_WRITEDATA, dl_ctx->dl) != CURLE_OK) {
+ LOG_ERROR("Unable to set write callback data\n");
+ return 0;
+ }
+ if(curl_easy_setopt(curl, CURLOPT_RANGE, range) != CURLE_OK) {
+ LOG_ERROR("Unable to set download range\n");
+ return 0;
+ }
 res = curl_easy_perform(curl);
 free(range);
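Review bot: Every new `return 0;` taken when a curl_easy_setopt() call fails exits before the `free(range);` that follows curl_easy_perform(), so `range` is leaked on each of those paths. Because dl_range frees `range` itself on the normal path, it appears to own that buffer, and a commit meant to close a Coverity leak finding adds several new ones. Either add `free(range);` ahead of each early `return 0;`, or send all the setopt failures to a single cleanup label that frees `range` and returns 0. The function starts before and continues past this hunk, so how the remaining exits treat `range` is not visible here.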
@@ -187,8 +212,11 @@ int dl_range(dlCtx *dl_ctx, char *url, char *range, int is_chunk) { return 0; } long code; - curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code); - if (code != 206 && code != 200) { + if(curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code) != CURLE_OK) { + LOG_ERROR("Unable to get response code\n"); + return 0; + } + if(code != 206 && code != 200) { LOG_ERROR("HTTP Error: %li when downloading %s\n", code, url); return 0; -- 2.30.2
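Review bot: The rewritten status test `if(code != 206 && code != 200) {` accepts 200 for a ranged request without saying why, and it is worth a comment because the two codes mean different things for the data just written. A 206 confirms the server honoured the Range header, while a 200 means it ignored Range and returned the whole resource. A comment such as `/* 206: range honoured; 200: server ignored Range and sent the full body */` above the test would record that. Whether the write callbacks cope with a full-body reply cannot be seen in this hunk, and the body of dl_range continues outside it.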