From 399e5ab338a8c184cb3ef009c6e54ead83a843f2 Mon Sep 17 00:00:00 2001
From: Fabian Mauchle <fabian.mauchle@switch.ch>
Date: Tue, 4 May 2021 17:18:45 +0200
Subject: [PATCH] fix coverity issues

---
 dtls.c        | 6 +++---
 hostport.c    | 7 ++++---
 radsecproxy.c | 7 ++++---
 rewrite.c     | 2 +-
 tcp.c         | 2 +-
 tls.c         | 4 ++--
 udp.c         | 2 +-
 7 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/dtls.c b/dtls.c
index ccf0264..09aa9ee 100644
--- a/dtls.c
+++ b/dtls.c
@@ -425,7 +425,7 @@ int getConnectionInfo(int socket, struct sockaddr *from, socklen_t fromlen, stru
 #endif
         if(ctrlhdr->cmsg_level == IPPROTO_IPV6 && ctrlhdr->cmsg_type == IPV6_RECVPKTINFO) {
             info6 = (struct in6_pktinfo *)CMSG_DATA(ctrlhdr);
-            debug(DBG_DBG, "udp packet to: %x", inet_ntop(AF_INET6, &info6->ipi6_addr, tmp, sizeof(tmp)));
+            debug(DBG_DBG, "udp packet to: %s", inet_ntop(AF_INET6, &info6->ipi6_addr, tmp, sizeof(tmp)));
 
             ((struct sockaddr_in6 *)to)->sin6_addr = info6->ipi6_addr;
             ((struct sockaddr_in6 *)to)->sin6_scope_id = info6->ipi6_ifindex;
@@ -595,7 +595,7 @@ int dtlsconnect(struct server *server, int timeout, char *text) {
         if (sslconnecttimeout(server->ssl, 5) <= 0) {
             while ((error = ERR_get_error()))
                 debug(DBG_ERR, "dtlsconnect: SSL connect to %s failed: %s", server->conf->name, ERR_error_string(error, NULL));
-            debug(DBG_ERR, "dtlsconnect: SSL connect to %s failed", server->conf->name, ERR_error_string(error, NULL));
+            debug(DBG_ERR, "dtlsconnect: SSL connect to %s failed", server->conf->name);
             continue;
         }
         socktimeout.tv_sec = 5;
@@ -655,7 +655,7 @@ int clientradputdtls(struct server *server, unsigned char *rad) {
                 return 0;
         }
     }
-    debug(DBG_DBG, "clientradputdtls: Sent %d bytes, Radius packet of length %d to DTLS peer %s", cnt, len, conf->name);
+    debug(DBG_DBG, "clientradputdtls: Sent %d bytes, Radius packet of length %zu to DTLS peer %s", cnt, len, conf->name);
     pthread_mutex_unlock(&server->lock);
     return 1;
 }
diff --git a/hostport.c b/hostport.c
index 5bffa0a..6408505 100644
--- a/hostport.c
+++ b/hostport.c
@@ -95,7 +95,7 @@ struct hostportres *newhostport(char *hostport, char *default_port, uint8_t pref
     slash = hostport ? strchr(hostport, '/') : NULL;
     if (slash) {
 	if (!prefixok) {
-	    debug(DBG_WARN, "newhostport: prefix not allowed here", hp->host);
+	    debug(DBG_WARN, "newhostport: prefix not allowed here (%s)", hp->host);
 	    goto errexit;
 	}
 	s = slash + 1;
@@ -236,11 +236,12 @@ struct addrinfo *resolvepassiveaddrinfo(char **hostport, int af, char *default_p
                 ai = last_ai = hp->addrinfo;
             } else {
                 last_ai->ai_next = hp->addrinfo;
-                last_ai = last_ai->ai_next;
             }
+            while (last_ai->ai_next)
+                last_ai = last_ai->ai_next;
             hp->addrinfo = NULL;
-            freehostport(hp);
         }
+        freehostport(hp);
     }
     return ai;
 }
diff --git a/radsecproxy.c b/radsecproxy.c
index 3256eb5..a8b89f4 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2173,6 +2173,7 @@ int dynamicconfig(struct server *server) {
         ok = getgenericconfig(&cf, NULL, "Server", CONF_CBK, confserver_cb, (void *) conf, NULL);
         freegconf(&cf);
     }
+    fclose(pipein);
 
     if (waitpid(pid, &status, 0) < 0) {
 	debugerrno(errno, DBG_ERR, "dynamicconfig: wait error");
@@ -2643,7 +2644,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
 
     if (retryinterval != LONG_MIN) {
 	if (retryinterval < 1 || retryinterval > conf->pdef->retryintervalmax) {
-	    debug(DBG_ERR, "error in block %s, value of option RetryInterval is %d, must be 1-%d", block, retryinterval, conf->pdef->retryintervalmax);
+	    debug(DBG_ERR, "error in block %s, value of option RetryInterval is %ld, must be 1-%d", block, retryinterval, conf->pdef->retryintervalmax);
 	    goto errexit;
 	}
 	conf->retryinterval = (uint8_t)retryinterval;
@@ -2652,7 +2653,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
 
     if (retrycount != LONG_MIN) {
 	if (retrycount < 0 || retrycount > conf->pdef->retrycountmax) {
-	    debug(DBG_ERR, "error in block %s, value of option RetryCount is %d, must be 0-%d", block, retrycount, conf->pdef->retrycountmax);
+	    debug(DBG_ERR, "error in block %s, value of option RetryCount is %ld, must be 0-%d", block, retrycount, conf->pdef->retrycountmax);
 	    goto errexit;
 	}
 	conf->retrycount = (uint8_t)retrycount;
@@ -2661,7 +2662,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
 
     if (addttl != LONG_MIN) {
 	if (addttl < 1 || addttl > 255) {
-	    debug(DBG_ERR, "error in block %s, value of option addTTL is %d, must be 1-255", block, addttl);
+	    debug(DBG_ERR, "error in block %s, value of option addTTL is %ld, must be 1-255", block, addttl);
 	    goto errexit;
 	}
 	conf->addttl = (uint8_t)addttl;
diff --git a/rewrite.c b/rewrite.c
index 04dae00..90efa00 100644
--- a/rewrite.c
+++ b/rewrite.c
@@ -411,7 +411,7 @@ int dorewritemodattr(struct tlv *attr, struct modattr *modattr) {
     }
     reslen += i - start;
     if (!resizeattr(attr, reslen)) {
-        debug(DBG_INFO, "rewritten attribute to length %d failed, discarding message", reslen);
+        debug(DBG_INFO, "rewritten attribute to length %zu failed, discarding message", reslen);
         free(in);
         return 0;
     }
diff --git a/tcp.c b/tcp.c
index 4ea3725..ffb2f4c 100644
--- a/tcp.c
+++ b/tcp.c
@@ -219,7 +219,7 @@ int clientradputtcp(struct server *server, unsigned char *rad) {
 	debug(DBG_ERR, "clientradputtcp: write error");
 	return 0;
     }
-    debug(DBG_DBG, "clientradputtcp: Sent %d bytes, Radius packet of length %d to TCP peer %s", cnt, len, conf->name);
+    debug(DBG_DBG, "clientradputtcp: Sent %d bytes, Radius packet of length %zu to TCP peer %s", cnt, len, conf->name);
     return 1;
 }
 
diff --git a/tls.c b/tls.c
index a2d9e1a..87bbe2c 100644
--- a/tls.c
+++ b/tls.c
@@ -156,7 +156,7 @@ int tlsconnect(struct server *server, int timeout, char *text) {
         if (sslconnecttimeout(server->ssl, 5) <= 0) {
             while ((error = ERR_get_error()))
                 debug(DBG_ERR, "tlsconnect: SSL connect to %s failed: %s", server->conf->name, ERR_error_string(error, NULL));
-            debug(DBG_ERR, "tlsconnect: SSL connect to %s failed", server->conf->name, ERR_error_string(error, NULL));
+            debug(DBG_ERR, "tlsconnect: SSL connect to %s failed", server->conf->name);
             continue;
         }
 
@@ -354,7 +354,7 @@ int clientradputtls(struct server *server, unsigned char *rad) {
         return 0;
     }
 
-    debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %d to TLS peer %s", cnt, len, conf->name);
+    debug(DBG_DBG, "clientradputtls: Sent %d bytes, Radius packet of length %zu to TLS peer %s", cnt, len, conf->name);
     pthread_mutex_unlock(&server->lock);
     return 1;
 }
diff --git a/udp.c b/udp.c
index b8fd4e1..57102ec 100644
--- a/udp.c
+++ b/udp.c
@@ -248,7 +248,7 @@ int clientradputudp(struct server *server, unsigned char *rad) {
     len = RADLEN(rad);
     ai = ((struct hostportres *)list_first(conf->hostports)->data)->addrinfo;
     if (sendto(server->sock, rad, len, 0, ai->ai_addr, ai->ai_addrlen) >= 0) {
-	debug(DBG_DBG, "clienradputudp: sent UDP of length %d to %s port %d", len, addr2string(ai->ai_addr, tmp, sizeof(tmp)), port_get(ai->ai_addr));
+	debug(DBG_DBG, "clienradputudp: sent UDP of length %zu to %s port %d", len, addr2string(ai->ai_addr, tmp, sizeof(tmp)), port_get(ai->ai_addr));
 	return 1;
     }