CID 1368306 & 1368305: NULLPTR and security BP in logcat.cc #1302
Closed
Description
** CID 1368306: Security best practices violations (TOCTOU)
/proxy/logcat.cc: 299 in main()
________________________________________________________________________________________________________
*** CID 1368306: Security best practices violations (TOCTOU)
/proxy/logcat.cc: 299 in main()
293
294 if (n_file_arguments) {
295 int bin_ext_len = strlen(LOG_FILE_BINARY_OBJECT_FILENAME_EXTENSION);
296 int ascii_ext_len = strlen(LOG_FILE_ASCII_OBJECT_FILENAME_EXTENSION);
297
298 for (unsigned i = 0; i < n_file_arguments; ++i) {
CID 1368306: Security best practices violations (TOCTOU)
Calling function "open" that uses "file_arguments[i]" after a check function. This can cause a time-of-check, time-of-use race condition.
299 int in_fd = open(file_arguments[i], O_RDONLY);
300 if (in_fd < 0) {
301 fprintf(stderr, "Error opening input file %s: ", file_arguments[i]);
302 perror(0);
303 error = DATA_PROCESSING_ERROR;
304 } else {
** CID 1368305: Null pointer dereferences (REVERSE_INULL)
/plugins/experimental/money_trace/money_trace.cc: 129 in mt_check_request_header(tsapi_httptxn *)()
________________________________________________________________________________________________________
*** CID 1368305: Null pointer dereferences (REVERSE_INULL)
/plugins/experimental/money_trace/money_trace.cc: 129 in mt_check_request_header(tsapi_httptxn *)()
123 txn_data = allocTransactionData();
124 txn_data->client_request_mt_header = TSstrndup(hdr_value, length);
125 txn_data->client_request_mt_header[length] = '\0'; // workaround for bug in core.
126 LOG_DEBUG("found money trace header: %s, length: %d", txn_data->client_request_mt_header, length);
127 if (nullptr == (contp = TSContCreate(transaction_handler, nullptr))) {
128 LOG_ERROR("failed to create the transaction handler continuation");
CID 1368305: Null pointer dereferences (REVERSE_INULL)
Null-checking "txn_data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
129 if (nullptr != txn_data) {
130 TSfree(txn_data->client_request_mt_header);
131 TSfree(txn_data);
132 }
133 } else {
134 TSContDataSet(contp, txn_data);