/usr/src/sys/arch/amd64/stand/cdboot/../../../../stand/boot/cmd.c

Bug Summary

File:	src/sys/arch/amd64/stand/cdboot/../../../../stand/boot/cmd.c
Warning:	line 371, column 2 2nd function call argument is an uninitialized value

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple i386-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name cmd.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -ffreestanding -target-cpu i586 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sys/arch/amd64/stand/cdboot/obj -nostdsysteminc -nobuiltininc -resource-dir /usr/local/lib/clang/13.0.0 -D MDRANDOM -D _STANDALONE -D __INTERNAL_LIBSA_CREAD -D OSREV="7.0" -D MACHINE="amd64" -D KERNEL="/7.0/amd64/bsd.rd" -I /usr/src/sys/arch/amd64/stand/cdboot/../../../.. -I /usr/src/sys/arch/amd64/stand/cdboot/../libsa -I . -I /usr/src/sys/arch/amd64/stand/cdboot -D SOFTRAID -D BOOTMAGIC=0xc001d00d -D LINKADDR=0x40120 -D SLOW -D SMALL -D NOBYFOUR -D NO_GZIP -D DYNAMIC_CRC_TABLE -D BUILDFIXED -I /usr/src/sys/arch/amd64/stand/cdboot/../../../../stand/boot -Oz -fdebug-compilation-dir=/usr/src/sys/arch/amd64/stand/cdboot/obj -ferror-limit 19 -fwrapv -fno-builtin -fgnuc-version=4.2.1 -fpack-struct=1 -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/sys/arch/amd64/stand/cdboot/../../../../stand/boot/cmd.c

1/*	$OpenBSD: cmd.c,v 1.68 2021/10/24 17:49:19 deraadt Exp $	*/

3/*
* Copyright (c) 1997-1999 Michael Shalayeff
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in the
*    documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

29#include <sys/param.h>
30#include <sys/reboot.h>

32#include <libsa.h>
33#include <lib/libkern/funcs.h>

35#include "cmd.h"

37#define CTRL(c)((c)&0x1f)	((c)&0x1f)

39static int Xboot(void);
40static int Xecho(void);
41static int Xhelp(void);
42static int Xhexdump(void);
43static int Xls(void);
44static int Xnop(void);
45static int Xreboot(void);
46static int Xstty(void);
47static int Xtime(void);
48#ifdef MACHINE_CMDcmd_machine
49static int Xmachine(void);
50extern const struct cmd_table MACHINE_CMDcmd_machine[];
51#endif
52extern int Xset(void);
53extern int Xenv(void);

55#ifdef CHECK_SKIP_CONFcheck_skip_conf
56extern int CHECK_SKIP_CONFcheck_skip_conf(void);
57#endif

59extern const struct cmd_table cmd_set[];
60const struct cmd_table cmd_table[] = {
{"#",      CMDT_CMD0, Xnop},  /* XXX must be first */
{"boot",   CMDT_CMD0, Xboot},
{"echo",   CMDT_CMD0, Xecho},
{"env",    CMDT_CMD0, Xenv},
{"help",   CMDT_CMD0, Xhelp},
{"hexdump",CMDT_CMD0, Xhexdump},
{"ls",     CMDT_CMD0, Xls},
68#ifdef MACHINE_CMDcmd_machine
{"machine",CMDT_MDC3, Xmachine},
70#endif
{"reboot", CMDT_CMD0, Xreboot},
{"set",    CMDT_SET2, Xset},
{"stty",   CMDT_CMD0, Xstty},
{"time",   CMDT_CMD0, Xtime},
{NULL((void *)0), 0},
76};

78static void ls(char *, struct stat *);
79static int readline(char *, size_t, int);
80char *nextword(char *);
81static char *whatcmd(const struct cmd_table **ct, char *);
82static char *qualify(char *);

84char cmd_buf[CMD_BUFF_SIZE133];

86int
87getcmd(void)
88{
cmd.cmd = NULL((void *)0);

if (!readline(cmd_buf, sizeof(cmd_buf), cmd.timeout))
cmd.cmd = cmd_table;

return docmd();
95}

97int
98read_conf(void)
99{
100#ifndef INSECURE
struct stat sb;
102#endif
int fd, rc = 0;

105#ifdef CHECK_SKIP_CONFcheck_skip_conf
if (CHECK_SKIP_CONFcheck_skip_conf()) {
printf("boot.conf processing skipped at operator request\n");
cmd.timeout = 0;
return -1;		/* Pretend file wasn't found */
}
111#endif

if ((fd = open(qualify(cmd.conf), O_RDONLY0x0000)) < 0) {
if (errno != ENOENT2 && errno != ENXIO6) {
	printf("open(%s): %s\n", cmd.path, strerror(errno));
	return 0;
}
return -1;
}

121#ifndef INSECURE
(void) fstat(fd, &sb);
if (sb.st_uid || (sb.st_mode & 2)) {
printf("non-secure %s, will not proceed\n", cmd.path);
close(fd);
return -1;
}
128#endif

do {
char *p = cmd_buf;

cmd.cmd = NULL((void *)0);
do {
	rc = read(fd, p, 1);
} while (rc > 0 && *p++ != '\n' &&
    (p-cmd_buf) < sizeof(cmd_buf));

if (rc < 0) {			/* Error from read() */
	printf("%s: %s\n", cmd.path, strerror(errno));
	break;
}

if (rc == 0) {			/* eof from read() */
	if (p != cmd_buf) {	/* Line w/o trailing \n */
		*p = '\0';
		rc = docmd();
		break;
	}
} else {			/* rc > 0, read a char */
	p--;			/* Get back to last character */

	if (*p != '\n') {	/* Line was too long */
		printf("%s: line too long\n", cmd.path);

		/* Don't want to run the truncated command */
		rc = -1;
	}
	*p = '\0';
}
} while (rc > 0 && !(rc = docmd()));

close(fd);
return rc;
165}

167int
168docmd(void)
169{
char *p = NULL((void *)0);
const struct cmd_table *ct = cmd_table, *cs;

cmd.argc = 1;
if (cmd.cmd == NULL((void *)0)) {

/* command */
for (p = cmd_buf; *p == ' ' || *p == '\t'; p++)
	;
if (*p == '#' || *p == '\0') { /* comment or empty string */
180#ifdef DEBUG
	printf("rem\n");
182#endif
	return 0;
}
ct = cmd_table;
cs = NULL((void *)0);
cmd.argv[cmd.argc] = p; /* in case it's shortcut boot */
p = whatcmd(&ct, p);
if (ct == NULL((void *)0)) {
	cmd.argc++;
	ct = cmd_table;
} else if (ct->cmd_type == CMDT_SET2 && p != NULL((void *)0)) {
	cs = cmd_set;
194#ifdef MACHINE_CMDcmd_machine
} else if (ct->cmd_type == CMDT_MDC3 && p != NULL((void *)0)) {
	cs = MACHINE_CMDcmd_machine;
197#endif
}

if (cs != NULL((void *)0)) {
	p = whatcmd(&cs, p);
	if (cs == NULL((void *)0)) {
		printf("%s: syntax error\n", ct->cmd_name);
		return 0;
	}
	ct = cs;
}
cmd.cmd = ct;
}

cmd.argv[0] = ct->cmd_name;
while (p && cmd.argc+1 < sizeof(cmd.argv) / sizeof(cmd.argv[0])) {
cmd.argv[cmd.argc++] = p;
p = nextword(p);
}
cmd.argv[cmd.argc] = NULL((void *)0);

return (*cmd.cmd->cmd_exec)();
219}

221static char *
222whatcmd(const struct cmd_table **ct, char *p)
223{
char *q;
int l;

q = nextword(p);

for (l = 0; p[l]; l++)
;

while ((*ct)->cmd_name != NULL((void *)0) && strncmp(p, (*ct)->cmd_name, l))
(*ct)++;

if ((*ct)->cmd_name == NULL((void *)0))
*ct = NULL((void *)0);

return q;
239}

241static int
242readline(char *buf, size_t n, int to)
243{
244#ifdef DEBUG
extern int debug;
246#endif
char *p = buf, ch;

/* Only do timeout if greater than 0 */
if (to > 0) {
u_long i = 0;
time_t tt = getsecs() + to;
253#ifdef DEBUG
if (debug > 2)
	printf ("readline: timeout(%d) at %u\n", to, tt);
256#endif
/* check for timeout expiration less often
   (for some very constrained archs) */
while (!cnischar())
	if (!(i++ % 1000) && (getsecs() >= tt))
		break;

if (!cnischar()) {
	strlcpy(buf, "boot", 5);
	putchar('\n');
	return strlen(buf);
}
} else
while (!cnischar())
	;

/* User has typed something.  Turn off timeouts. */
cmd.timeout = 0;

while (1) {
switch ((ch = getchar())) {
case CTRL('u')(('u')&0x1f):
	while (p > buf) {
		putchar('\177');
		p--;
	}
	continue;
case '\n':
case '\r':
	*p = '\0';
	break;
case '\b':
case '\177':
	if (p > buf) {
		putchar('\177');
		p--;
	}
	continue;
default:
	if (ch >= ' ' && ch < '\177') {
		if (p - buf < n-1)
			*p++ = ch;
		else {
			putchar('\007');
			putchar('\177');
		}
	}
	continue;
}
break;
}

return p - buf;
309}

311/*
* Search for spaces/tabs after the current word. If found, \0 the
* first one.  Then pass a pointer to the first character of the
* next word, or NULL if there is no next word.
*/
316char *
317nextword(char *p)
318{
/* skip blanks */
while (*p && *p != '\t' && *p != ' ')
p++;
if (*p) {
*p++ = '\0';
while (*p == '\t' || *p == ' ')
	p++;
}
if (*p == '\0')
p = NULL((void *)0);
return p;
330}

332static void
333print_help(const struct cmd_table *ct)
334{
for (; ct->cmd_name != NULL((void *)0); ct++)
printf(" %s", ct->cmd_name);
putchar('\n');
338}

340static int
341Xhelp(void)
342{
printf("commands:");
print_help(cmd_table);
345#ifdef MACHINE_CMDcmd_machine
return Xmachine();
347#else
return 0;
349#endif
350}

352static int
353Xhexdump(void)
354{
long long val[2];
char *ep;
int i;

if (cmd.argc != 3) {
1
Assuming field 'argc' is equal to 3→
2
←
Taking false branch→
printf("hexdump addr size\n");
return 0;
}

for (i = 1; i < cmd.argc; i++) {
3
←
Loop condition is true.  Entering loop body→
7
←
Assuming 'i' is >= field 'argc'→
8
←
Loop condition is false. Execution continues on line 371→
val[i-1] = strtoll(cmd.argv[i], &ep, 0);
if (cmd.argv[i][0] == '\0' || *ep != '\0') {
4
←
Assuming the condition is false→
5
←
Assuming the condition is false→
6
←
Taking false branch→
	printf("bad '%c' in \"%s\"\n", *ep, cmd.argv[i]);
	return 0;
}
}
hexdump((void *)(unsigned long)val[0], val[1]);
9
←
2nd function call argument is an uninitialized value
return 0;
373}

375#ifdef MACHINE_CMDcmd_machine
376static int
377Xmachine(void)
378{
printf("machine:");
print_help(MACHINE_CMDcmd_machine);
return 0;
382}
383#endif

385static int
386Xecho(void)
387{
int i;

for (i = 1; i < cmd.argc; i++)
printf("%s ", cmd.argv[i]);
putchar('\n');
return 0;
394}

396static int
397Xstty(void)
398{
int sp;
char *cp;
dev_t dev;

if (cmd.argc == 1) {
printf("%s speed is %d\n", ttyname(0), cnspeed(0, -1));
return 0;
}
dev = ttydev(cmd.argv[1]);
if (dev == NODEV(dev_t)(-1)) {
printf("%s not a console device\n", cmd.argv[1]);
return 0;
}

if (cmd.argc == 2)
printf("%s speed is %d\n", cmd.argv[1],
    cnspeed(dev, -1));
else {
sp = 0;
for (cp = cmd.argv[2]; isdigit(*cp)((*cp) >= '0' && (*cp) <= '9'); cp++)
	sp = sp * 10 + (*cp - '0');
cnspeed(dev, sp);
}
return 0;
423}

425static int
426Xtime(void)
427{
time_t tt = getsecs();

if (cmd.argc == 1)
printf(ctime(&tt));

return 0;
434}

436static int
437Xls(void)
438{
struct stat sb;
char *p;
int fd;

if (stat(qualify((cmd.argv[1]? cmd.argv[1]: "/.")), &sb) < 0) {
printf("stat(%s): %s\n", cmd.path, strerror(errno));
return 0;
}

if ((sb.st_mode & S_IFMT0170000) != S_IFDIR0040000)
ls(cmd.path, &sb);
else {
if ((fd = opendir(cmd.path)) < 0) {
	printf("opendir(%s): %s\n", cmd.path,
	    strerror(errno));
	return 0;
}

/* no strlen in lib !!! */
for (p = cmd.path; *p; p++)
	;
*p++ = '/';
*p = '\0';

while (readdir(fd, p) >= 0) {
	if (stat(cmd.path, &sb) < 0)
		printf("stat(%s): %s\n", cmd.path,
		    strerror(errno));
	else
		ls(p, &sb);
}
closedir (fd);
}
return 0;
473}

475#define lsrwx(mode,s) \
putchar ((mode) & S_IROTH0000004? 'r' : '-'); \
putchar ((mode) & S_IWOTH0000002? 'w' : '-'); \
putchar ((mode) & S_IXOTH0000001? *(s): (s)[1]);

480static void
481ls(char *name, struct stat *sb)
482{
putchar("-fc-d-b---l-s-w-"[(sb->st_mode & S_IFMT0170000) >> 12]);
lsrwx(sb->st_mode >> 6, (sb->st_mode & S_ISUID0004000? "sS" : "x-"));
lsrwx(sb->st_mode >> 3, (sb->st_mode & S_ISGID0002000? "sS" : "x-"));
lsrwx(sb->st_mode     , (sb->st_mode & S_ISTXT0001000? "tT" : "x-"));

printf (" %u,%u\t%lu\t%s\n", sb->st_uid, sb->st_gid,
   (u_long)sb->st_size, name);
490}
491#undef lsrwx

493int doboot = 1;

495static int
496Xnop(void)
497{
if (doboot) {
doboot = 0;
return (Xboot());
}

return 0;
504}

506static int
507Xboot(void)
508{
if (cmd.argc > 1 && cmd.argv[1][0] != '-') {
qualify((cmd.argv[1]? cmd.argv[1]: cmd.image));
if (bootparse(2))
	return 0;
} else {
if (bootparse(1))
	return 0;
snprintf(cmd.path, sizeof cmd.path, "%s:%s",
    cmd.bootdev, cmd.image);
}

return 1;
521}

523/*
* Qualifies the path adding necessary dev
*/

527static char *
528qualify(char *name)
529{
char *p;

for (p = name; *p; p++)
if (*p == ':')
	break;
if (*p == ':')
strlcpy(cmd.path, name, sizeof(cmd.path));
else
snprintf(cmd.path, sizeof cmd.path, "%s:%s",
    cmd.bootdev, name);
return cmd.path;
541}

543static int
544Xreboot(void)
545{
printf("Rebooting...\n");
exit();
return 0; /* just in case */
549}

551int
552upgrade(void)
553{
struct stat sb;

if (stat(qualify(("/bsd.upgrade")), &sb) < 0)
return 0;
if ((sb.st_mode & S_IXUSR0000100) == 0) {
printf("/bsd.upgrade is not u+x\n");
return 0;
}
return 1;
563}