From 1f644f8bce9f30bd11d42623cb67d39138698899 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Wed, 22 Apr 2026 19:10:39 +0000 Subject: [PATCH 1/3] RDKB-64588: High impact coverity issues in utopia Reason for change: Fix high impact coverity issues Test Procedure: NA Risks: Low Priority: P1 Signed-off-by: abhishek_kumaracee2@comcast.com --- source/firewall/firewall.c | 10 ++++++---- source/service_ipv6/service_ipv6.c | 10 +++++++++- source/service_routed/service_routed.c | 2 +- source/ulog/ulog.c | 2 +- source/utapi/lib/utapi.c | 3 ++- 5 files changed, 19 insertions(+), 8 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 2a77cb40..288b12f2 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -457,6 +457,7 @@ char cellular_ifname[32]; #define IS_EMPTY_STRING(s) ((s == NULL) || (*s == '\0')) #define BUFLEN_8 8 +#define BUFLEN_20 20 #define BUFLEN_32 32 #define BUFLEN_64 64 #define RET_OK 0 @@ -1824,6 +1825,7 @@ static int substitute(char *in_str, char *out_str, const int size, char *from, c * $ACCEPT $DROP $REJECT and * QoS classes $HIGH, $MEDIUM, $NORMAL, $LOW */ +#define TOKEN_MAX_LEN 50 char *make_substitutions(char *in_str, char *out_str, const int size) { char *in_str_p = in_str; @@ -1832,7 +1834,7 @@ char *make_substitutions(char *in_str, char *out_str, const int size) char *out_str_end = out_str + size; // FIREWALL_DEBUG("Entering *make_substitutions\n"); while (in_str_p < in_str_end && out_str_p < out_str_end) { - char token[50]; + char token[TOKEN_MAX_LEN + 1]; if ('$' == *in_str_p) { sscanf(in_str_p, "%50s", token); in_str_p += strlen(token); @@ -1905,7 +1907,7 @@ static char *match_keyword(FILE *fp, char *keyword, char delim, char *line, int * handle space differently */ if (' ' == delim) { - char local_name[50]; + char local_name[TOKEN_MAX_LEN + 1]; local_name[0] = '\0'; sscanf(line, "%50s ", local_name); next = line + strlen(local_name); 
@@ -9824,8 +9826,8 @@ static int prepare_host_detect(FILE * fp) char buf[1024]; if (NULL != kh_fp) { while (NULL != fgets(buf, sizeof(buf), kh_fp)) { - char ip[20]; - char mac[20]; + char ip[BUFLEN_20 + 1]; + char mac[BUFLEN_20 + 1]; sscanf(buf, "%20s %20s", ip, mac); fprintf(fp, "-A host_detect -i %s -s %s -j RETURN\n", lan_ifname, ip); } diff --git a/source/service_ipv6/service_ipv6.c b/source/service_ipv6/service_ipv6.c index aa5f5a14..f1684022 100644 --- a/source/service_ipv6/service_ipv6.c +++ b/source/service_ipv6/service_ipv6.c @@ -1730,7 +1730,15 @@ STATIC int gen_dibbler_conf(struct serv_ipv6 *si6) if (get_dhcpv6s_pool_cfg(si6, &dhcpv6s_pool_cfg) != 0) continue; - if (!dhcpv6s_pool_cfg.enable || dhcpv6s_pool_cfg.ia_prefix[0] == '\0') continue; + if (!dhcpv6s_pool_cfg.enable || dhcpv6s_pool_cfg.ia_prefix[0] == '\0') { + if (dhcpv6s_pool_cfg.opts != NULL) { + free(dhcpv6s_pool_cfg.opts); + dhcpv6s_pool_cfg.opts = NULL; + dhcpv6s_pool_cfg.opt_num = 0; + } + continue; + } + syscfg_get(NULL, "bridge_mode", bridge_mode, sizeof(bridge_mode)); if (strcmp(bridge_mode, "2") || strcmp(dhcpv6s_pool_cfg.interface, "brlan0")) { diff --git a/source/service_routed/service_routed.c b/source/service_routed/service_routed.c index c01695c9..828cdca6 100644 --- a/source/service_routed/service_routed.c +++ b/source/service_routed/service_routed.c @@ -950,7 +950,7 @@ STATIC int gen_zebra_conf(int sefd, token_t setok) char default_wan_interface[64] = {0}; char wan_interface[64] = {0}; #ifdef FEATURE_RDKB_CONFIGURABLE_WAN_INTERFACE - char mesh_wan_ifname[32]; + char mesh_wan_ifname[32] = {0}; char *pStr = NULL; int return_status = PSM_VALUE_GET_STRING(PSM_MESH_WAN_IFNAME,pStr); if(return_status == CCSP_SUCCESS && pStr != NULL){ diff --git a/source/ulog/ulog.c b/source/ulog/ulog.c index b68032f6..8f4d9015 100644 --- a/source/ulog/ulog.c +++ b/source/ulog/ulog.c 
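Review bot: The return value of `sscanf(buf, "%20s %20s", ip, mac)` in prepare_host_detect is ignored, so a blank or whitespace-only line read from kh_fp leaves `ip` uninitialized and the following fprintf writes it into the `-A host_detect` rule. Skip such lines with `if (sscanf(buf, "%20s %20s", ip, mac) < 1) continue;`. Because `ip` becomes the `-s` argument of a firewall rule, it is also worth checking that it parses as an address (for example with `inet_pton`) before emitting the rule; whether the file's producer already guarantees that is not visible here. The same unchecked call remains in the PATCH 2/3 version of this hunk, and `sscanf(buf, "%*d (%63s", str)` in ulog_GetProcId is unchecked as well. The function starts and ends outside the hunk.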
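Review bot: The new cleanup in gen_dibbler_conf covers only the disabled/empty-prefix `continue`; the `continue` directly above it, taken when `get_dhcpv6s_pool_cfg()` fails, still skips any release of `dhcpv6s_pool_cfg.opts`. Whether that helper can fail after allocating `opts` is not visible in this hunk, so confirm it frees on its own error paths or route both exits through the same cleanup. The `if (dhcpv6s_pool_cfg.opts != NULL)` guard is unnecessary because `free(NULL)` is a no-op; `free(dhcpv6s_pool_cfg.opts); dhcpv6s_pool_cfg.opts = NULL; dhcpv6s_pool_cfg.opt_num = 0;` is enough. The loop body continues outside the hunk, and the identical change appears again in PATCH 2/3.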
@@ -295,7 +295,7 @@ int ulog_GetProcId(size_t size, char *name, pid_t *pid) The name will be extracted with a final ')' which needs to be dropped before writing the final result to "name". */ - sscanf(buf, "%*d (%1023s", str); + sscanf(buf, "%*d (%63s", str); len = strlen(str); if (len > 0) diff --git a/source/utapi/lib/utapi.c b/source/utapi/lib/utapi.c index 599f5286..ecc6370a 100644 --- a/source/utapi/lib/utapi.c +++ b/source/utapi/lib/utapi.c @@ -74,6 +74,7 @@ #define CALCULATE_CRC32_TABLE_ENTRY(X) (((X) & 1) ? (POLYNOMIAL^ ((X) >> 1)) : ((X) >> 1)) +#define BUFLEN_10 10 /* * utapi.c - */ @@ -4273,7 +4274,7 @@ static int s_getiap (UtopiaContext *ctx, int index, iap_entry_t *iap) app[j].proto = s_StrToEnum(g_ProtocolMap, buf); Utopia_GetIndexed2(ctx, UtopiaValue_IAP_BlockPortRange, index, i+1, buf, sizeof(buf)); - char sport[10], eport[10]; + char sport[BUFLEN_10 + 1], eport[BUFLEN_10 + 1]; if (2 == (sscanf(buf, "%10s %10s", sport, eport))) { app[j].port.start = atoi(sport); app[j].port.end = atoi(eport); From 286632e0ff73c77773d1f2c71d54c4c349bbcdbd Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Wed, 22 Apr 2026 19:10:39 +0000 Subject: [PATCH 2/3] RDKB-64588: High impact coverity issues in utopia Reason for change: Fix high impact coverity issues Test Procedure: NA Risks: Low Priority: P1 Signed-off-by: abhishek_kumaracee2@comcast.com --- source/firewall/firewall.c | 19 ++++++++++++------- source/service_ipv6/service_ipv6.c | 10 +++++++++- source/service_routed/service_routed.c | 2 +- source/ulog/ulog.c | 2 +- source/utapi/lib/utapi.c | 5 +++-- 5 files changed, 26 insertions(+), 12 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 2a77cb40..2c70a250 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c 
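Review bot: The field width in `sscanf(buf, "%*d (%63s", str)` is a bare literal, and the declaration of `str` lies outside this hunk, so nothing visible ties 63 to the buffer's real size. Declaring the buffer and the width from one named constant, e.g. `char str[PROC_NAME_MAX + 1];` (PROC_NAME_MAX is a placeholder name), keeps the two from drifting apart the way the other files in this series now do. Note also that `%s` stops at the first whitespace, so a name containing a space would be cut before the closing ')' that the comment above says is stripped; if `buf` can hold such names, a scanset such as `%63[^)]` matches the stated intent more closely. PATCH 2/3 carries the same line unchanged.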
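Review bot: `atoi(sport)` and `atoi(eport)` in s_getiap accept any text and give no error signal, so a malformed UtopiaValue_IAP_BlockPortRange entry (non-numeric, negative or out of range) is stored as a port without complaint, and overflow inside atoi is undefined behaviour. Because these values describe a blocked port range, parse them with `strtol`, require the whole token to be consumed, and reject anything outside 0–65535 or with start greater than end, as sketched below. What the caller should do with a rejected entry is not visible in this hunk, and s_getiap continues outside it. The same two assignments appear in the PATCH 2/3 version of this hunk.

```c
if (2 == (sscanf(buf, "%10s %10s", sport, eport))) {
    char *s_end = NULL;
    char *e_end = NULL;
    long start = strtol(sport, &s_end, 10);
    long end = strtol(eport, &e_end, 10);

    /* Whole token must be numeric and form a valid, ordered port range. */
    if (*s_end == '\0' && *e_end == '\0' &&
        start >= 0 && start <= end && end <= 65535) {
        app[j].port.start = (int)start;
        app[j].port.end = (int)end;
    }
```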
@@ -457,6 +457,7 @@ char cellular_ifname[32]; #define IS_EMPTY_STRING(s) ((s == NULL) || (*s == '\0')) #define BUFLEN_8 8 +#define BUFLEN_20 20 #define BUFLEN_32 32 #define BUFLEN_64 64 #define RET_OK 0 @@ -465,6 +466,9 @@ char cellular_ifname[32]; #define RESET "reset" #define UP "up" +#define STR_HELPER(x) #x +#define STR(x) STR_HELPER(x) + #if defined (FEATURE_MAPT) || defined (FEATURE_SUPPORT_MAPT_NAT46) #define SYSEVENT_MAPT_CONFIG_FLAG "mapt_config_flag" #define SYSEVENT_MAPT_IP_ADDRESS "mapt_ip_address" @@ -1824,6 +1828,7 @@ static int substitute(char *in_str, char *out_str, const int size, char *from, c * $ACCEPT $DROP $REJECT and * QoS classes $HIGH, $MEDIUM, $NORMAL, $LOW */ +#define TOKEN_MAX_LEN 50 char *make_substitutions(char *in_str, char *out_str, const int size) { char *in_str_p = in_str; @@ -1832,9 +1837,9 @@ char *make_substitutions(char *in_str, char *out_str, const int size) char *out_str_end = out_str + size; // FIREWALL_DEBUG("Entering *make_substitutions\n"); while (in_str_p < in_str_end && out_str_p < out_str_end) { - char token[50]; + char token[TOKEN_MAX_LEN + 1]; if ('$' == *in_str_p) { - sscanf(in_str_p, "%50s", token); + sscanf(in_str_p, "%" STR(TOKEN_MAX_LEN) "s", token); in_str_p += strlen(token); if (0 == strcmp(token, "$WAN_IPADDR")) { out_str_p += snprintf(out_str_p, out_str_end-out_str_p, "%s", current_wan_ipaddr); @@ -1905,9 +1910,9 @@ static char *match_keyword(FILE *fp, char *keyword, char delim, char *line, int * handle space differently */ if (' ' == delim) { - char local_name[50]; + char local_name[TOKEN_MAX_LEN + 1]; local_name[0] = '\0'; - sscanf(line, "%50s ", local_name); + sscanf(line, "%" STR(TOKEN_MAX_LEN) "s", local_name); next = line + strlen(local_name); if (next-line > size) { continue; 
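Review bot: `STR(TOKEN_MAX_LEN)` and `STR(BUFLEN_20)` only yield a valid conversion width while those macros expand to a bare decimal literal; redefining one as `(50)` or `48 + 2` would produce a malformed format string even though the array declarations would still compile. The definitions should carry a comment stating that constraint, for example `/* Must stay a plain decimal literal: stringified into sscanf field widths via STR(). */` above `#define TOKEN_MAX_LEN 50`. `STR` and `STR_HELPER` are also very generic names and may clash with macros from included headers; a prefixed name or an `#ifndef` guard would avoid that.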
@@ -9824,9 +9829,9 @@ static int prepare_host_detect(FILE * fp) char buf[1024]; if (NULL != kh_fp) { while (NULL != fgets(buf, sizeof(buf), kh_fp)) { - char ip[20]; - char mac[20]; - sscanf(buf, "%20s %20s", ip, mac); + char ip[BUFLEN_20 + 1]; + char mac[BUFLEN_20 + 1]; + sscanf(buf, "%" STR(BUFLEN_20) "s" "%" STR(BUFLEN_20) "s", ip, mac); fprintf(fp, "-A host_detect -i %s -s %s -j RETURN\n", lan_ifname, ip); } fclose(kh_fp); diff --git a/source/service_ipv6/service_ipv6.c b/source/service_ipv6/service_ipv6.c index aa5f5a14..f1684022 100644 --- a/source/service_ipv6/service_ipv6.c +++ b/source/service_ipv6/service_ipv6.c @@ -1730,7 +1730,15 @@ STATIC int gen_dibbler_conf(struct serv_ipv6 *si6) if (get_dhcpv6s_pool_cfg(si6, &dhcpv6s_pool_cfg) != 0) continue; - if (!dhcpv6s_pool_cfg.enable || dhcpv6s_pool_cfg.ia_prefix[0] == '\0') continue; + if (!dhcpv6s_pool_cfg.enable || dhcpv6s_pool_cfg.ia_prefix[0] == '\0') { + if (dhcpv6s_pool_cfg.opts != NULL) { + free(dhcpv6s_pool_cfg.opts); + dhcpv6s_pool_cfg.opts = NULL; + dhcpv6s_pool_cfg.opt_num = 0; + } + continue; + } + syscfg_get(NULL, "bridge_mode", bridge_mode, sizeof(bridge_mode)); if (strcmp(bridge_mode, "2") || strcmp(dhcpv6s_pool_cfg.interface, "brlan0")) { diff --git a/source/service_routed/service_routed.c b/source/service_routed/service_routed.c index c01695c9..828cdca6 100644 --- a/source/service_routed/service_routed.c +++ b/source/service_routed/service_routed.c @@ -950,7 +950,7 @@ STATIC int gen_zebra_conf(int sefd, token_t setok) char default_wan_interface[64] = {0}; char wan_interface[64] = {0}; #ifdef FEATURE_RDKB_CONFIGURABLE_WAN_INTERFACE - char mesh_wan_ifname[32]; + char mesh_wan_ifname[32] = {0}; char *pStr = NULL; int return_status = PSM_VALUE_GET_STRING(PSM_MESH_WAN_IFNAME,pStr); if(return_status == CCSP_SUCCESS && pStr != NULL){ diff --git a/source/ulog/ulog.c b/source/ulog/ulog.c index b68032f6..8f4d9015 100644 --- a/source/ulog/ulog.c +++ b/source/ulog/ulog.c 
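Review bot: `mac` is filled by the sscanf in prepare_host_detect but never read in the loop body shown, which only prints `ip`. Dropping the second conversion removes a buffer that has to be kept in step with its width: `sscanf(buf, "%" STR(BUFLEN_20) "s", ip)`. If both fields are kept, a space between the two conversions, `"%" STR(BUFLEN_20) "s %" STR(BUFLEN_20) "s"`, reads closer to the input layout; behaviour is the same because `%s` skips leading whitespace.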
@@ -295,7 +295,7 @@ int ulog_GetProcId(size_t size, char *name, pid_t *pid) The name will be extracted with a final ')' which needs to be dropped before writing the final result to "name". */ - sscanf(buf, "%*d (%1023s", str); + sscanf(buf, "%*d (%63s", str); len = strlen(str); if (len > 0) diff --git a/source/utapi/lib/utapi.c b/source/utapi/lib/utapi.c index 599f5286..b1e205b5 100644 --- a/source/utapi/lib/utapi.c +++ b/source/utapi/lib/utapi.c @@ -74,6 +74,7 @@ #define CALCULATE_CRC32_TABLE_ENTRY(X) (((X) & 1) ? (POLYNOMIAL^ ((X) >> 1)) : ((X) >> 1)) +#define BUFLEN_10 10 /* * utapi.c - */ @@ -4273,8 +4274,8 @@ static int s_getiap (UtopiaContext *ctx, int index, iap_entry_t *iap) app[j].proto = s_StrToEnum(g_ProtocolMap, buf); Utopia_GetIndexed2(ctx, UtopiaValue_IAP_BlockPortRange, index, i+1, buf, sizeof(buf)); - char sport[10], eport[10]; - if (2 == (sscanf(buf, "%10s %10s", sport, eport))) { + char sport[BUFLEN_10 + 1], eport[BUFLEN_10 + 1]; + if (2 == (sscanf(buf, "%" STR(BUFLEN_10) "s" "%" STR(BUFLEN_10) "s", sport, eport))) { app[j].port.start = atoi(sport); app[j].port.end = atoi(eport); } From 1eb7081c3afaeaba805b86d939ef655277f536a4 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Thu, 23 Apr 2026 19:37:25 +0000 Subject: [PATCH 3/3] RDKB-64588: High impact coverity issues in utopia Reason for change: Fix high impact coverity issues Test Procedure: NA Risks: Low Priority: P1 Signed-off-by: abhishek_kumaracee2@comcast.com --- source/utapi/lib/utapi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/utapi/lib/utapi.c b/source/utapi/lib/utapi.c index b1e205b5..b810e7d0 100644 --- a/source/utapi/lib/utapi.c +++ b/source/utapi/lib/utapi.c @@ -75,6 +75,8 @@ #define CALCULATE_CRC32_TABLE_ENTRY(X) (((X) & 1) ? (POLYNOMIAL^ ((X) >> 1)) : ((X) >> 1)) #define BUFLEN_10 10 +#define STR_HELPER(x) #x +#define STR(x) STR_HELPER(x) /* * utapi.c - */
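Review bot: PATCH 2/3 already uses `STR(BUFLEN_10)` in s_getiap, but `STR` and `STR_HELPER` are only defined in utapi.c by this later patch, so unless a header included by utapi.c provides them the tree does not build at patch 2 and bisecting across the series breaks. Folding these two defines into the patch that introduces their use fixes that. The pair is now duplicated in firewall.c and utapi.c; a single definition in a shared header, guarded by `#ifndef STR`, would keep the copies from diverging.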