cyrusimap · elliefm · Oct 25, 2023 · Oct 25, 2023 · Oct 25, 2023 · Oct 25, 2023
diff --git a/backup/ctl_backups.c b/backup/ctl_backups.c
@@ -745,6 +745,8 @@ static int cmd_lock_one(void *rock,
     char *fname = NULL;
     int r = 0;
 
+    assert(data != NULL && data_len > 0);
+
     /* input args might not be 0-terminated, so make a safe copy */
     if (key_len)
         userid = xstrndup(key, key_len);

diff --git a/com_err/et/init_et.c b/com_err/et/init_et.c
@@ -50,32 +50,32 @@
 #include "error_table.h"
 #include "mit-sipb-copyright.h"
 
-struct foobar {
-    struct et_list etl;
-    struct error_table et;
-};
-
 extern struct et_list * _et_list;
 
 int init_error_table(msgs, base, count)
     const char * const * msgs;
     int base;
     int count;
 {
-    struct foobar * new_et;
+    struct et_list *etl;
+    struct error_table *et;
 
     if (!base || !count || !msgs)
         return 0;
 
-    new_et = (struct foobar *) malloc(sizeof(struct foobar));
-    if (!new_et)
-        return errno;   /* oops */
-    new_et->etl.table = &new_et->et;
-    new_et->et.msgs = msgs;
-    new_et->et.base = base;
-    new_et->et.n_msgs= count;
+    etl = malloc(sizeof *etl);
+    et = malloc(sizeof *et);
+    if (!etl || !et) {
+        free(etl);
+        free(et);
+        return errno; /* oops */
+    }
+    etl->table = et;
+    et->msgs = msgs;
+    et->base = base;
+    et->n_msgs = count;
 
-    new_et->etl.next = _et_list;
-    _et_list = &new_et->etl;
+    etl->next = _et_list;
+    _et_list = etl;
     return 0;
 }
diff --git a/cunit/annotate.testc b/cunit/annotate.testc
@@ -2009,7 +2009,7 @@ static int create_messages(struct mailbox *mailbox, int count)
         /* Write the message to the filesystem */
         if (!(fp = append_newstage(mailbox_name(mailbox), internaldate, 0, &stage))) {
             fprintf(stderr, "append_newstage(%s) failed", mailbox_name(mailbox));
-            return r;
+            return IMAP_IOERROR;
         }
         buf_printf(&buf, msgtmpl, i, mailbox_name(mailbox), i, i, mailbox_name(mailbox));
         fwrite(buf_base(&buf), 1, buf_len(&buf), fp);

diff --git a/cunit/http_jwt.testc b/cunit/http_jwt.testc
@@ -102,7 +102,7 @@ static void test_init_nokeys(void)
 
     char *fname = strconcat(dname, "/key.pem", NULL);
     FILE *fp = fopen(fname, "w");
-    CU_ASSERT_PTR_NOT_NULL(fp);
+    CU_ASSERT_PTR_NOT_NULL_FATAL(fp);
     fputs("xxx", fp);
     fclose(fp);
 
@@ -161,7 +161,7 @@ static void test_validate(void)
 
     char *fname = strconcat(dname, "/key.pem", NULL);
     FILE *fp = fopen(fname, "w");
-    CU_ASSERT_PTR_NOT_NULL(fp);
+    CU_ASSERT_PTR_NOT_NULL_FATAL(fp);
     fputs(HMAC_PEM, fp);
     fclose(fp);
 
@@ -342,7 +342,7 @@ static void test_validate_claims_no_max_age(void)
 
     char *fname = strconcat(dname, "/key.pem", NULL);
     FILE *fp = fopen(fname, "w");
-    CU_ASSERT_PTR_NOT_NULL(fp);
+    CU_ASSERT_PTR_NOT_NULL_FATAL(fp);
     fputs(HMAC_PEM, fp);
     fclose(fp);
 
@@ -397,7 +397,7 @@ static void test_validate_claims_with_max_age(void)
 
     char *fname = strconcat(dname, "/key.pem", NULL);
     FILE *fp = fopen(fname, "w");
-    CU_ASSERT_PTR_NOT_NULL(fp);
+    CU_ASSERT_PTR_NOT_NULL_FATAL(fp);
     fputs(HMAC_PEM, fp);
     fclose(fp);
 

diff --git a/imap/annotate.c b/imap/annotate.c
@@ -4215,6 +4215,8 @@ EXPORTED int annotate_msg_copy(struct mailbox *oldmailbox, uint32_t olduid,
 
     init_internal();
 
+    assert(newmailbox != NULL);
+
     r = _annotate_getdb(mailbox_uniqueid(newmailbox), newmailbox, newuid, CYRUSDB_CREATE, &d);
     if (r) return r;
 
@@ -4252,6 +4254,7 @@ HIDDEN int annotate_msg_cleanup(struct mailbox *mailbox, unsigned int uid)
     int r = 0;
     annotate_db_t *d = NULL;
 
+    assert(mailbox != NULL);
     assert(uid);
 
     r = _annotate_getdb(mailbox_uniqueid(mailbox), mailbox, uid, 0, &d);

diff --git a/imap/conversations.c b/imap/conversations.c
@@ -2654,6 +2654,8 @@ EXPORTED int conversation_update(struct conversations_state *state,
 {
     conv_folder_t *folder = conversation_get_folder(conv, ecounts->foldernum, /*create*/1);
 
+    assert(folder != NULL); /* should only fire if ecounts->foldernum is negative */
+
     // only count one per instance of the GUID in each folder, and in total
     int delta_num_records = !!ecounts->post.numrecords - !!ecounts->pre.numrecords;
     int delta_exists = !!ecounts->post.exists - !!ecounts->pre.exists;

diff --git a/imap/ctl_mboxlist.c b/imap/ctl_mboxlist.c
@@ -725,11 +725,11 @@ static void do_undump_legacy(void)
             continue;
         }
 
-        char *partition = strchr(newmbentry->partition, '!');
-        if (partition) {
+        char *server_sep = strchr(newmbentry->partition, '!');
+        if (server_sep) {
+            *server_sep = '\0';
             newmbentry->server = newmbentry->partition;
-            newmbentry->partition = strdup(partition + 1);
-            *partition = '\0';
+            newmbentry->partition = xstrdup(server_sep + 1);
         }
 
         if (strlen(newmbentry->name) >= MAX_MAILBOX_BUFFER) {
@@ -968,7 +968,7 @@ static void add_path(ptrarray_t *found, int type,
 {
     struct found_data *new;
 
-    new = malloc(sizeof(struct found_data));
+    new = xmalloc(sizeof(struct found_data));
     new->type = type;
     strcpy(new->mboxname, name);
     strcpy(new->partition, part);

diff --git a/imap/cyr_virusscan.c b/imap/cyr_virusscan.c
@@ -638,7 +638,15 @@ static int check_notification_template(const struct buf *template)
 
     /* stub a message, and do minimal checking for RFC 822 compliance */
     fd = create_tempfile(config_getstring(IMAPOPT_TEMP_PATH));
+    if (fd < 0) {
+        r = IMAP_IOERROR;
+        goto done;
+    }
     f = fdopen(fd, "w+");
+    if (!f) {
+        r = IMAP_IOERROR;
+        goto done;
+    }
     mbname = mbname_from_intname("user.nobody");
     put_notification_headers(f, 0, time(NULL), mbname);
     mbname_free(&mbname);
@@ -663,6 +671,8 @@ static int check_notification_template(const struct buf *template)
     prot_free(pout);
 
     fclose(f);
+
+done:
     return r;
 }
 
@@ -697,14 +707,13 @@ static void append_notifications(const struct buf *template)
 {
     struct infected_mbox *i_mbox;
     int outgoing_count = 0;
-    int fd = create_tempfile(config_getstring(IMAPOPT_TEMP_PATH));
     struct namespace notification_namespace;
 
     mboxname_init_namespace(&notification_namespace, /*options*/0);
 
     while ((i_mbox = user)) {
         if (i_mbox->msgs) {
-            FILE *f = fdopen(fd, "w+");
+            FILE *f = NULL;
             struct infected_msg *msg;
             time_t t;
             struct protstream *pout;
@@ -714,7 +723,19 @@ static void append_notifications(const struct buf *template)
             mbname_t *owner = mbname_from_userid(i_mbox->owner);
             struct buf message = BUF_INITIALIZER;
             int first;
-            int r;
+            int fd, r = 0;
+
+            fd = create_tempfile(config_getstring(IMAPOPT_TEMP_PATH));
+            if (fd < 0) {
+                r = IMAP_IOERROR;
+                goto user_done;
+            }
+
+            f = fdopen(fd, "w+");
+            if (!f) {
+                r = IMAP_IOERROR;
+                goto user_done;
+            }
 
             t = time(NULL);
             put_notification_headers(f, outgoing_count++, t, owner);
@@ -792,18 +813,15 @@ static void append_notifications(const struct buf *template)
                 prot_free(pout);
             }
 
+            fclose(f);
+user_done:
             if (r) {
                 syslog(LOG_ERR, "couldn't send notification to user %s: %s",
                                 mbname_userid(owner),
                                 error_message(r));
             }
 
             mbname_free(&owner);
-            /* XXX funny smell here, fdopen() promises to close the underlying
-             *     file descriptor at fclose(), but we're about to loop around
-             *     and re-fdopen() it?
-             */
-            fclose(f);
         }
 
         user = i_mbox->next;

diff --git a/imap/dav_util.c b/imap/dav_util.c
@@ -320,11 +320,22 @@ EXPORTED int dav_store_resource(struct transaction_t *txn,
 
                     ddata.alive = 1;
                     ddata.imap_uid = mailbox->i.last_uid;
-                    dav_get_validators(mailbox, &ddata, txn->userid, &newrecord,
-                                       &etag, &txn->resp_body.lastmod);
-                    strncpy(etagbuf, etag, 255);
-                    etagbuf[255] = 0;
-                    txn->resp_body.etag = etagbuf;
+                    assert(ddata.imap_uid != 0);
+                    r = dav_get_validators(mailbox, &ddata, txn->userid, &newrecord,
+                                           &etag, &txn->resp_body.lastmod);
+                    if (r) {
+                        xsyslog(LOG_ERR, "read index record failed",
+                                         "mailbox=<%s> uid=<%u>",
+                                         mailbox_name(mailbox),
+                                         ddata.imap_uid);
+                        txn->error.desc = error_message(r);
+                        ret = HTTP_SERVER_ERROR;
+                    }
+                    else {
+                        strncpy(etagbuf, etag, 255);
+                        etagbuf[255] = 0;
+                        txn->resp_body.etag = etagbuf;
+                    }
                 }
             }
         }

diff --git a/imap/http_caldav.c b/imap/http_caldav.c
@@ -4396,9 +4396,10 @@ static void parse_compfilter(xmlNodePtr root, unsigned depth,
         }
     }
 
-    for (node = xmlFirstElementChild(root); node && !error->precond;
-         node = xmlNextElementSibling(node)) {
-
+    for (node = xmlFirstElementChild(root);
+         node && *comp && !error->precond;
+         node = xmlNextElementSibling(node)
+    ) {
         if ((*comp)->not_defined) {
             error->precond = CALDAV_SUPP_FILTER;
             error->desc = DAV_FILTER_ISNOTDEF_ERR;
@@ -5071,8 +5072,13 @@ static struct partial_comp_t *parse_partial_comp(xmlNodePtr node)
         }
         else if (!xmlStrcmp(node->name, BAD_CAST "comp")) {
             struct partial_comp_t *child = parse_partial_comp(node);
-            child->sibling = pcomp->child;
-            pcomp->child = child;
+            if (child) {
+                child->sibling = pcomp->child;
+                pcomp->child = child;
+            }
+            else {
+                /* XXX what does it mean if we get here? */
+            }
         }
     }
 

diff --git a/imap/http_carddav.c b/imap/http_carddav.c
@@ -636,6 +636,11 @@ static int carddav_store_resource(struct transaction_t *txn,
         }
     }
 
+    /* XXX better have got those important properties */
+    assert(version != NULL);
+    assert(uid != NULL);
+    assert(fullname != NULL);
+
     /* Check for an existing resource */
     /* XXX  We can't assume that txn->req_tgt.mbentry is our target,
        XXX  because we may have been called as part of a COPY/MOVE */

diff --git a/imap/http_dav.c b/imap/http_dav.c
@@ -1414,6 +1414,8 @@ xmlNodePtr xml_add_error(xmlNodePtr root, struct error_t *err,
     }
     else error = xmlNewChild(root, NULL, BAD_CAST "error", NULL);
 
+    if (!error) fatal("Virtual memory exhausted", EX_TEMPFAIL);
+
     ensure_ns(avail_ns, precond->ns, root, known_namespaces[precond->ns].href,
               known_namespaces[precond->ns].prefix);
     node = xmlNewChild(error, avail_ns[precond->ns],
@@ -8801,9 +8803,10 @@ static void dav_parse_paramfilter(xmlNodePtr root, struct param_filter **param,
         }
     }
 
-    for (node = xmlFirstElementChild(root); node && !error->precond;
-         node = xmlNextElementSibling(node)) {
-
+    for (node = xmlFirstElementChild(root);
+         node && *param && !error->precond;
+         node = xmlNextElementSibling(node)
+    ) {
         if ((*param)->not_defined) {
             error->precond = profile->filter_precond;
             error->desc = DAV_FILTER_ISNOTDEF_ERR;

diff --git a/imap/http_dav_sharing.c b/imap/http_dav_sharing.c
@@ -891,7 +891,7 @@ HIDDEN int dav_send_notification(xmlDocPtr doc, struct dlist *extradata,
 {
     struct mailbox *mailbox = NULL;
     struct webdav_db *webdavdb = NULL;
-    struct transaction_t txn;
+    struct transaction_t txn = { 0 };
     mbentry_t mbentry;
     int r;
 
@@ -922,7 +922,6 @@ HIDDEN int dav_send_notification(xmlDocPtr doc, struct dlist *extradata,
     }
 
     /* Start with an empty (clean) transaction */
-    memset(&txn, 0, sizeof(struct transaction_t));
     txn.userid = httpd_userid;
     txn.authstate = httpd_authstate;
 
@@ -1843,6 +1842,9 @@ static xmlNodePtr get_props(struct request_target_t *req_tgt,
 
     buf_free(&fctx.buf);
 
+    /* XXX better have gotten something */
+    assert(propstat.root != NULL);
+
     node = propstat.root->children;
     xmlUnlinkNode(node);
     xmlFreeNode(propstat.root);
@@ -2090,6 +2092,7 @@ HIDDEN int dav_post_share(struct transaction_t *txn, struct meth_params *pparams
                 }
                 else {
                     /* Notify sharee */
+                    assert(notify == NULL);
                     r = dav_create_invite(&notify, ns, &txn->req_tgt,
                                           pparams->propfind.lprops,
                                           userid, access, content);