From f1ce15d936ea6f0b68ebc21cff169dfd1da2e1c1 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 25 Jul 2012 16:18:33 -0400
Subject: [PATCH 1/5] Set umask before calling mkstemp in unit tests. Found by
 coverity

---
 configure.in        | 2 ++
 test/regress_main.c | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/configure.in b/configure.in
index 27cb7ada..70dc29cd 100644
--- a/configure.in
+++ b/configure.in
@@ -185,6 +185,7 @@ fi
 dnl Checks for header files.
 AC_HEADER_STDC
 AC_CHECK_HEADERS([fcntl.h stdarg.h inttypes.h stdint.h stddef.h poll.h unistd.h sys/epoll.h sys/time.h sys/queue.h sys/event.h sys/param.h sys/ioctl.h sys/select.h sys/devpoll.h port.h netinet/in.h netinet/in6.h sys/socket.h sys/uio.h arpa/inet.h sys/eventfd.h sys/mman.h sys/sendfile.h sys/wait.h netdb.h])
+AC_CHECK_HEADERS([sys/stat.h])
 AC_CHECK_HEADERS(sys/sysctl.h, [], [], [
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
@@ -284,6 +285,7 @@ AC_HEADER_TIME
 dnl Checks for library functions.
 AC_CHECK_FUNCS([gettimeofday vasprintf fcntl clock_gettime strtok_r strsep])
 AC_CHECK_FUNCS([getnameinfo strlcpy inet_ntop inet_pton signal sigaction strtoll inet_aton pipe eventfd sendfile mmap splice arc4random arc4random_buf issetugid geteuid getegid getprotobynumber setenv unsetenv putenv sysctl])
+AC_CHECK_FUNCS([umask])
 
 AC_CACHE_CHECK(
     [for getaddrinfo],
diff --git a/test/regress_main.c b/test/regress_main.c
index 32557c1e..bbac2b41 100644
--- a/test/regress_main.c
+++ b/test/regress_main.c
@@ -58,6 +58,9 @@
 #endif
 
 #include <sys/types.h>
+#ifdef _EVENT_HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
 
 #ifndef WIN32
 #include <sys/socket.h>
@@ -123,6 +126,9 @@ regress_make_tmpfile(const void *data, size_t datalen)
 	char tmpfilename[32];
 	int fd;
 	strcpy(tmpfilename, "/tmp/eventtmp.XXXXXX");
+#ifdef _EVENT_HAVE_UMASK
+	umask(0077);
+#endif
 	fd = mkstemp(tmpfilename);
 	if (fd == -1)
 		return (-1);

From 4f3732d75eb148f93efae797511213e92467f7a2 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 26 Jul 2012 09:35:43 -0400
Subject: [PATCH 2/5] Fix various check-after-dereference issues in unit tests:
 found by coverity

---
 test/regress.c        |  4 ++++
 test/regress_buffer.c | 11 +++++++++++
 test/regress_dns.c    | 14 +++++++++-----
 test/regress_et.c     |  2 ++
 test/regress_http.c   |  8 ++++++--
 test/regress_rpc.c    |  3 +++
 6 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/test/regress.c b/test/regress.c
index 65921420..bd294845 100644
--- a/test/regress.c
+++ b/test/regress.c
@@ -2155,6 +2155,10 @@ test_event_pending(void *ptr)
 	    NULL);
 	t = evtimer_new(data->base, timeout_cb, NULL);
 
+	tt_assert(r);
+	tt_assert(w);
+	tt_assert(t);
+
 	evutil_gettimeofday(&now, NULL);
 	event_add(r, NULL);
 	event_add(t, &tv);
diff --git a/test/regress_buffer.c b/test/regress_buffer.c
index 6a2b6fcc..99a8c0ea 100644
--- a/test/regress_buffer.c
+++ b/test/regress_buffer.c
@@ -1033,6 +1033,8 @@ test_evbuffer_find(void *ptr)
 	unsigned int i;
 	struct evbuffer * buf = evbuffer_new();
 
+	tt_assert(buf);
+
 	/* make sure evbuffer_find doesn't match past the end of the buffer */
 	evbuffer_add(buf, (u_char*)test1, strlen(test1));
 	evbuffer_validate(buf);
@@ -1074,6 +1076,8 @@ test_evbuffer_ptr_set(void *ptr)
 	struct evbuffer_ptr pos;
 	struct evbuffer_iovec v[1];
 
+	tt_assert(buf);
+
 	/* create some chains */
 	evbuffer_reserve_space(buf, 5000, v, 1);
 	v[0].iov_len = 5000;
@@ -1121,6 +1125,9 @@ test_evbuffer_search(void *ptr)
 	struct evbuffer *tmp = evbuffer_new();
 	struct evbuffer_ptr pos, end;
 
+	tt_assert(buf);
+	tt_assert(tmp);
+
 	/* set up our chains */
 	evbuffer_add_printf(tmp, "hello");  /* 5 chars */
 	evbuffer_add_buffer(buf, tmp);
@@ -1200,6 +1207,10 @@ test_evbuffer_callbacks(void *ptr)
 	struct evbuffer *buf_out2 = evbuffer_new();
 	struct evbuffer_cb_entry *cb1, *cb2;
 
+	tt_assert(buf);
+	tt_assert(buf_out1);
+	tt_assert(buf_out2);
+
 	cb1 = evbuffer_add_cb(buf, log_change_callback, buf_out1);
 	cb2 = evbuffer_add_cb(buf, log_change_callback, buf_out2);
 
diff --git a/test/regress_dns.c b/test/regress_dns.c
index b34fb96c..557a63d6 100644
--- a/test/regress_dns.c
+++ b/test/regress_dns.c
@@ -1066,6 +1066,7 @@ test_bufferevent_connect_hostname(void *arg)
 	    &n_accept,
 	    LEV_OPT_REUSEABLE|LEV_OPT_CLOSE_ON_EXEC,
 	    -1, (struct sockaddr *)&sin, sizeof(sin));
+	tt_assert(listener);
 	listener_port = regress_get_socket_port(
 		evconnlistener_get_fd(listener));
 
@@ -1211,6 +1212,7 @@ test_getaddrinfo_async(void *arg)
 	int n_dns_questions = 0;
 
 	struct evdns_base *dns_base = evdns_base_new(data->base, 0);
+	tt_assert(dns_base);
 
 	/* for localhost */
 	evdns_base_load_hosts(dns_base, NULL);
@@ -1705,6 +1707,7 @@ testleak_cleanup(const struct testcase_t *testcase, void *env_)
 {
 	int ok = 0;
 	struct testleak_env_t *env = env_;
+	tt_assert(env);
 #ifdef _EVENT_DISABLE_DEBUG_MODE
 	tt_int_op(allocated_chunks, ==, 0);
 #else
@@ -1713,12 +1716,13 @@ testleak_cleanup(const struct testcase_t *testcase, void *env_)
 #endif
 	ok = 1;
 end:
-	if (env->dns_base)
-		evdns_base_free(env->dns_base, 0);
-	if (env->base)
-		event_base_free(env->base);
-	if (env)
+	if (env) {
+		if (env->dns_base)
+			evdns_base_free(env->dns_base, 0);
+		if (env->base)
+			event_base_free(env->base);
 		free(env);
+	}
 	return ok;
 }
 
diff --git a/test/regress_et.c b/test/regress_et.c
index dee7b936..54ee9326 100644
--- a/test/regress_et.c
+++ b/test/regress_et.c
@@ -173,7 +173,9 @@ test_edgetriggered_mix_error(void *data_)
 
 	/* try mixing edge-triggered and level-triggered to make sure it fails*/
 	ev_et = event_new(base, data->pair[0], EV_READ|EV_ET, read_cb, ev_et);
+	tt_assert(ev_et);
 	ev_lt = event_new(base, data->pair[0], EV_READ, read_cb, ev_lt);
+	tt_assert(ev_lt);
 
 	/* Add edge-triggered, then level-triggered.  Get an error. */
 	tt_int_op(0, ==, event_add(ev_et, NULL));
diff --git a/test/regress_http.c b/test/regress_http.c
index f30b2e36..a8b21ce2 100644
--- a/test/regress_http.c
+++ b/test/regress_http.c
@@ -3213,26 +3213,30 @@ static void
 http_primitives(void *ptr)
 {
 	char *escaped = NULL;
-	struct evhttp *http;
+	struct evhttp *http = NULL;
 
 	escaped = evhttp_htmlescape("<script>");
+	tt_assert(escaped);
 	tt_str_op(escaped, ==, "&lt;script&gt;");
 	free(escaped);
 
 	escaped = evhttp_htmlescape("\"\'&");
+	tt_assert(escaped);
 	tt_str_op(escaped, ==, "&quot;&#039;&amp;");
 
 	http = evhttp_new(NULL);
+	tt_assert(http);
 	tt_int_op(evhttp_set_cb(http, "/test", http_basic_cb, NULL), ==, 0);
 	tt_int_op(evhttp_set_cb(http, "/test", http_basic_cb, NULL), ==, -1);
 	tt_int_op(evhttp_del_cb(http, "/test"), ==, 0);
 	tt_int_op(evhttp_del_cb(http, "/test"), ==, -1);
 	tt_int_op(evhttp_set_cb(http, "/test", http_basic_cb, NULL), ==, 0);
-	evhttp_free(http);
 
  end:
 	if (escaped)
 		free(escaped);
+	if (http)
+		evhttp_free(http);
 }
 
 static void
diff --git a/test/regress_rpc.c b/test/regress_rpc.c
index 922fdc10..e03adcdf 100644
--- a/test/regress_rpc.c
+++ b/test/regress_rpc.c
@@ -734,6 +734,9 @@ rpc_test(void)
 	int i;
 
 	msg = msg_new();
+
+	tt_assert(msg);
+
 	EVTAG_ASSIGN(msg, from_name, "niels");
 	EVTAG_ASSIGN(msg, to_name, "phoenix");
 

From 270f279fb5aec1cc4e628936882472b3494ba0d3 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 26 Jul 2012 09:53:20 -0400
Subject: [PATCH 3/5] Fix resource leaks in the unit tests; found by coverity

---
 test/regress_http.c      | 16 +++++++++++-----
 test/regress_testutils.c |  3 ++-
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/test/regress_http.c b/test/regress_http.c
index a8b21ce2..cc3bf27a 100644
--- a/test/regress_http.c
+++ b/test/regress_http.c
@@ -2660,9 +2660,11 @@ http_chunked_errorcb(struct bufferevent *bev, short what, void *arg)
 		if (header == NULL)
 			goto out;
 		/* 13 chars */
-		if (strcmp(header, "d"))
+		if (strcmp(header, "d")) {
+			free((void*)header);
 			goto out;
-		free((char*)header);
+		}
+		free((void*)header);
 
 		if (strncmp((char *)evbuffer_pullup(bufferevent_get_input(bev), 13),
 			"This is funny", 13))
@@ -2688,8 +2690,10 @@ http_chunked_errorcb(struct bufferevent *bev, short what, void *arg)
 		if (header == NULL)
 			goto out;
 		/* 8 chars */
-		if (strcmp(header, "8"))
+		if (strcmp(header, "8")) {
+			free((void*)header);
 			goto out;
+		}
 		free((char *)header);
 
 		if (strncmp((char *)evbuffer_pullup(bufferevent_get_input(bev), 8),
@@ -2702,9 +2706,11 @@ http_chunked_errorcb(struct bufferevent *bev, short what, void *arg)
 		if (header == NULL)
 			goto out;
 		/* 0 chars */
-		if (strcmp(header, "0"))
+		if (strcmp(header, "0")) {
+			free((void*)header);
 			goto out;
-		free((char *)header);
+		}
+		free((void *)header);
 
 		test_ok = 2;
 
diff --git a/test/regress_testutils.c b/test/regress_testutils.c
index 9b3046e0..aedaef40 100644
--- a/test/regress_testutils.c
+++ b/test/regress_testutils.c
@@ -102,7 +102,7 @@ regress_get_dnsserver(struct event_base *base,
 	struct sockaddr_in my_addr;
 
 	sock = socket(AF_INET, SOCK_DGRAM, 0);
-	if (sock <= 0) {
+	if (sock < 0) {
 		tt_abort_perror("socket");
 	}
 
@@ -113,6 +113,7 @@ regress_get_dnsserver(struct event_base *base,
 	my_addr.sin_port = htons(*portnum);
 	my_addr.sin_addr.s_addr = htonl(0x7f000001UL);
 	if (bind(sock, (struct sockaddr*)&my_addr, sizeof(my_addr)) < 0) {
+		evutil_closesocket(sock);
 		tt_abort_perror("bind");
 	}
 	port = evdns_add_server_port_with_base(base, sock, 0, cb, arg);

From f021c3d762991d9cc81a222a631b6c075b1a76c0 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 26 Jul 2012 09:59:47 -0400
Subject: [PATCH 4/5] Add some missing null checks to unit tests; found by
 coverity

---
 test/regress_main.c | 2 +-
 test/regress_rpc.c  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/test/regress_main.c b/test/regress_main.c
index bbac2b41..e32afff7 100644
--- a/test/regress_main.c
+++ b/test/regress_main.c
@@ -305,7 +305,7 @@ static void *
 legacy_test_setup(const struct testcase_t *testcase)
 {
 	struct basic_test_data *data = basic_test_setup(testcase);
-	if (data == (void*)TT_SKIP)
+	if (data == (void*)TT_SKIP || data == NULL)
 		return data;
 	global_base = data->base;
 	pair[0] = data->pair[0];
diff --git a/test/regress_rpc.c b/test/regress_rpc.c
index e03adcdf..7604ca44 100644
--- a/test/regress_rpc.c
+++ b/test/regress_rpc.c
@@ -113,6 +113,7 @@ MessageCb(EVRPC_STRUCT(Message)* rpc, void *arg)
 		struct evhttp_request* req = EVRPC_REQUEST_HTTP(rpc);
 		const char *header = evhttp_find_header(
 			req->input_headers, "X-Hook");
+		assert(header);
 		assert(strcmp(header, "input") == 0);
 	}
 
@@ -332,6 +333,7 @@ GotKillCb(struct evrpc_status *status,
 		struct evhttp_request *req = status->http_req;
 		const char *header = evhttp_find_header(
 			req->input_headers, "X-Pool-Hook");
+		assert(header);
 		assert(strcmp(header, "ran") == 0);
 	}
 

From 3cde5bf57a993e61a735c53999160e8c480d85f2 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 26 Jul 2012 10:04:43 -0400
Subject: [PATCH 5/5] Avoid more crashes/bad calls in unit tests; found by
 coverity

---
 test/regress.c             |  3 ++-
 test/regress_bufferevent.c | 14 ++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/test/regress.c b/test/regress.c
index bd294845..5935f9be 100644
--- a/test/regress.c
+++ b/test/regress.c
@@ -2258,7 +2258,8 @@ end:
 		event_free(ev1);
 	if (ev2)
 		event_free(ev2);
-	close(dfd);
+	if (dfd >= 0)
+		close(dfd);
 }
 #endif
 
diff --git a/test/regress_bufferevent.c b/test/regress_bufferevent.c
index 2a7097ce..cdfed0c7 100644
--- a/test/regress_bufferevent.c
+++ b/test/regress_bufferevent.c
@@ -243,6 +243,8 @@ test_bufferevent_watermarks_impl(int use_pair)
 		bev1 = bufferevent_new(pair[0], NULL, wm_writecb, wm_errorcb, NULL);
 		bev2 = bufferevent_new(pair[1], wm_readcb, NULL, wm_errorcb, NULL);
 	}
+	tt_assert(bev1);
+	tt_assert(bev2);
 	bufferevent_disable(bev1, EV_READ);
 	bufferevent_enable(bev2, EV_READ);
 
@@ -267,8 +269,10 @@ test_bufferevent_watermarks_impl(int use_pair)
 	tt_assert(!event_pending(&bev2->ev_write, EV_WRITE, NULL));
 
 end:
-	bufferevent_free(bev1);
-	bufferevent_free(bev2);
+	if (bev1)
+		bufferevent_free(bev1);
+	if (bev2)
+		bufferevent_free(bev2);
 }
 
 static void
@@ -377,8 +381,10 @@ test_bufferevent_filters_impl(int use_pair)
 		test_ok = 0;
 
 end:
-	bufferevent_free(bev1);
-	bufferevent_free(bev2);
+	if (bev1)
+		bufferevent_free(bev1);
+	if (bev2)
+		bufferevent_free(bev2);
 
 }