From f83fcc85358be9fa31ef1f31bf185bf057f001d1 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Tue, 24 Nov 2020 00:36:54 +0000
Subject: [PATCH] Fix Coverity Scan issues. 1436866 1436865 1436864 1436862 1436857 1436856 1436852 1436851
---
 apps/db_dump/db_dump.c | 1 -
 apps/mosquitto_ctrl/dynsec.c | 7 ++++++-
 apps/mosquitto_ctrl/options.c | 1 +
 plugins/dynamic-security/plugin.c | 14 +++++++++++++-
 plugins/dynamic-security/roles.c | 7 ++++---
 5 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/apps/db_dump/db_dump.c b/apps/db_dump/db_dump.c
index e1f909a5..96eb1d55 100644
--- a/apps/db_dump/db_dump.c
+++ b/apps/db_dump/db_dump.c
@@ -156,7 +156,6 @@ static int dump__client_chunk_process(FILE *db_fd, uint32_t length)
 }
 if(rc){
 fprintf(stderr, "Error: Corrupt persistent database.");
- fclose(db_fd);
 return rc;
 }
diff --git a/apps/mosquitto_ctrl/dynsec.c b/apps/mosquitto_ctrl/dynsec.c
index 93cc23f4..4db1d528 100644
--- a/apps/mosquitto_ctrl/dynsec.c
+++ b/apps/mosquitto_ctrl/dynsec.c
@@ -591,7 +591,11 @@ static cJSON *init_add_client(const char *username, const char *password, const
 }
 j_client = cJSON_CreateObject();
- if(j_client == NULL) return NULL;
+ if(j_client == NULL){
+ free(salt64);
+ free(hash64);
+ return NULL;
+ }
 snprintf(buf, sizeof(buf), "%d", PW_DEFAULT_ITERATIONS);
 if(cJSON_AddStringToObject(j_client, "username", username) == NULL
@@ -739,6 +743,7 @@ int dynsec_init(int argc, char *argv[])
 if(fptr){
 fprintf(fptr, "%s", json_str);
 free(json_str);
+ fclose(fptr);
 }else{
 free(json_str);
 fprintf(stderr, "dynsec init: Unable to open '%s' for writing.\n", filename);
diff --git a/apps/mosquitto_ctrl/options.c b/apps/mosquitto_ctrl/options.c
index 0f37d805..431e7305 100644
--- a/apps/mosquitto_ctrl/options.c
+++ b/apps/mosquitto_ctrl/options.c
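Review bot: In `dynsec_init` (apps/mosquitto_ctrl/dynsec.c, hunk at -739) the results of `fprintf(fptr, "%s", json_str)` and of the new `fclose(fptr)` are both ignored, so a failed or short write (full disk, I/O error at flush time) leaves a truncated initial dynamic-security config while the tool carries on as if it had succeeded. Buffered data is only flushed at close, so the close result has to be checked as well: `int werr = fprintf(fptr, "%s", json_str) < 0;` followed by `if(fclose(fptr) != 0 || werr){ /* report as the else branch does and return an error */ }`. The file presumably carries the salted password hash built in `init_add_client`, and the way it is opened is outside the hunk, so it is worth confirming it is not created world-readable. The function body starts and ends outside the hunk.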
@@ -525,6 +525,7 @@ int client_config_load(struct mosq_config *cfg)
 local_args = malloc(3*sizeof(char *));
 if(local_args == NULL){
 fprintf(stderr, "Error: Out of memory.\n");
+ fclose(fptr);
 return 1;
 }
 while(fgets(line, 1024, fptr)){
diff --git a/plugins/dynamic-security/plugin.c b/plugins/dynamic-security/plugin.c
index 82b8f2f0..0d013906 100644
--- a/plugins/dynamic-security/plugin.c
+++ b/plugins/dynamic-security/plugin.c
@@ -17,6 +17,7 @@ Contributors:
 #include "config.h"
 #include
+#include
 #include
 #include
 #include
@@ -343,6 +344,7 @@ static int dynsec__general_config_save(cJSON *tree)
 static int dynsec__config_load(void)
 {
 FILE *fptr;
+ long flen_l;
 size_t flen;
 char *json_str;
 cJSON *tree;
@@ -354,7 +356,16 @@ static int dynsec__config_load(void)
 }
 fseek(fptr, 0, SEEK_END);
- flen = (size_t)ftell(fptr);
+ flen_l = ftell(fptr);
+ if(flen_l < 0){
+ mosquitto_log_printf(MOSQ_LOG_WARNING, "Error loading Dynamic security plugin config: %s\n", strerror(errno));
+ fclose(fptr);
+ return 1;
+ }else if(flen_l == 0){
+ fclose(fptr);
+ return 0;
+ }
+ flen = (size_t)flen_l;
 fseek(fptr, 0, SEEK_SET);
 json_str = mosquitto_calloc(flen+1, sizeof(char));
 if(json_str == NULL){
@@ -362,6 +373,7 @@ static int dynsec__config_load(void)
 return 1;
 }
 if(fread(json_str, 1, flen, fptr) != flen){
+ mosquitto_free(json_str);
 fclose(fptr);
 return 1;
 }
diff --git a/plugins/dynamic-security/roles.c b/plugins/dynamic-security/roles.c
index 05fa104a..b937fdf5 100644
--- a/plugins/dynamic-security/roles.c
+++ b/plugins/dynamic-security/roles.c
@@ -668,6 +668,7 @@ int dynsec_roles__process_add_acl(cJSON *j_responses, struct mosquitto *context,
 acl = mosquitto_calloc(1, sizeof(struct dynsec__acl));
 if(acl == NULL){
+ mosquitto_free(topic);
 dynsec__command_reply(j_responses, context, "addRoleACL", "Internal error", correlation_data);
 return MOSQ_ERR_SUCCESS;
 }
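Review bot: In `dynsec__config_load` (plugins/dynamic-security/plugin.c, hunk at -354) the new `flen_l == 0` branch returns 0 without logging, and because the `fseek(fptr, 0, SEEK_END)` just above it is unchecked, a failed seek would normally leave the position at 0 and be reported as an empty config that loaded successfully. An access-control plugin that starts with nothing loaded should say so: check the seek, `if(fseek(fptr, 0, SEEK_END) != 0){ fclose(fptr); return 1; }`, and add a `mosquitto_log_printf(MOSQ_LOG_WARNING, ...)` line to the zero-length branch. The short-read branch in the following hunk (at -362) has the same gap: it now frees `json_str` but still returns 1 with no log message. What the broker does with an empty configuration depends on defaults outside this diff. The function body continues outside these hunks.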
@@ -833,9 +834,9 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context,
 struct dynsec__role *role;
 char *str;
 cJSON *j_acls;
- struct dynsec__acl *tmp_publish_c_send, *tmp_publish_c_recv;
- struct dynsec__acl *tmp_subscribe_literal, *tmp_subscribe_pattern;
- struct dynsec__acl *tmp_unsubscribe_literal, *tmp_unsubscribe_pattern;
+ struct dynsec__acl *tmp_publish_c_send = NULL, *tmp_publish_c_recv = NULL;
+ struct dynsec__acl *tmp_subscribe_literal = NULL, *tmp_subscribe_pattern = NULL;
+ struct dynsec__acl *tmp_unsubscribe_literal = NULL, *tmp_unsubscribe_pattern = NULL;
 if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
 dynsec__command_reply(j_responses, context, "modifyRole", "Invalid/missing rolename", correlation_data);