fixed bugs found by static analyzer

Author: Shchelk

extra/glue.c

@@ -222,8 +222,10 @@ sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp,
 		oid->id = DN_API_VERSION;
 
 		ret = do_cmd(-IP_DUMMYNET3, oid, (uintptr_t)&l);
-		if (ret != 0)
+		if (ret != 0) {
+			free(oid);
 			return -1;
+		}
 
 		l=oid->id;
 		free(oid);
@@ -235,8 +237,10 @@ sysctlbyname(const char *name, void *oldp, size_t *oldlenp, void *newp,
 		oid->id = DN_API_VERSION;
 
 		ret = do_cmd(-IP_DUMMYNET3, oid, (uintptr_t)&l);
-		if (ret != 0)
+		if (ret != 0) {
+			free(oid);
 			return -1;
+		}
 
 		entry = (struct sysctlhead*)(oid+1);
 		while(entry->blocklen != 0)

sys/net/radix.c

@@ -1000,6 +1000,8 @@ rn_walktree_from(struct radix_node_head *h, void *a, void *m,
 	 */
 	if (rn->rn_bit >= 0)
 		rn = last;
+	if (!last)
+		return -1;
 	lastb = last->rn_bit;
 
 	/* printf("rn %p, lastb %d\n", rn, lastb);*/

sys/netpfil/ipfw/ip_dummynet.c

@@ -1588,6 +1588,7 @@ config_profile(struct dn_profile *pf, struct dn_id *arg)
 		    kpf->oid.len < pf->oid.len)) {
 			free(kpf, M_DUMMYNET);
 			*pkpf = NULL;
+			kpf = NULL;
 		}
 		if (pf->samples_no == 0)
 			continue;

sys/netpfil/ipfw/ip_fw_sockopt.c

@@ -2345,7 +2345,7 @@ compare_sh(const void *_a, const void *_b)
 
 	if ((uintptr_t)a->handler < (uintptr_t)b->handler)
 		return (-1);
-	else if ((uintptr_t)b->handler > (uintptr_t)b->handler)
+	else if ((uintptr_t)a->handler > (uintptr_t)b->handler)
 		return (1);
 
 	return (0);
@@ -2448,7 +2448,8 @@ ipfw_add_sopt_handler(struct ipfw_sopt_handler *sh, size_t count)
 
 	/* Merge old & new arrays */
 	sz = ctl3_hsize + count;
-	memcpy(tmp, ctl3_handlers, ctl3_hsize * sizeof(*sh));
+	if (ctl3_handlers != NULL)
+		memcpy(tmp, ctl3_handlers, ctl3_hsize * sizeof(*sh));
 	memcpy(&tmp[ctl3_hsize], sh, count * sizeof(*sh));
 	qsort(tmp, sz, sizeof(*sh), compare_sh);
 	/* Switch new and free old */

sys/netpfil/ipfw/ip_fw_table.c

@@ -1093,6 +1093,8 @@ find_table_entry(struct ip_fw_chain *ch, ip_fw3_opheader *op3,
 		return (EINVAL);
 
 	oh = (struct _ipfw_obj_header *)ipfw_get_sopt_header(sd, sz);
+	if (oh == NULL)
+		return (EINVAL);
 	tent = (ipfw_obj_tentry *)(oh + 1);
 
 	/* Basic length checks for TLVs */
@@ -1124,8 +1126,10 @@ find_table_entry(struct ip_fw_chain *ch, ip_fw3_opheader *op3,
 	kti = KIDX_TO_TI(ch, tc->no.kidx);
 	ta = tc->ta;
 
-	if (ta->find_tentry == NULL)
+	if (ta->find_tentry == NULL) {
+		IPFW_UH_RUNLOCK(ch);
 		return (ENOTSUP);
+	}
 
 	error = ta->find_tentry(tc->astate, kti, tent);
 
@@ -1545,6 +1549,8 @@ ipfw_resize_tables(struct ip_fw_chain *ch, unsigned int ntables)
 		 * FIXME: Check if we really can shrink
 		 */
 		IPFW_UH_WUNLOCK(ch);
+		ipfw_objhash_bitmap_free(new_idx, new_blocks);
+		free(tablestate, M_IPFW);
 		return (EINVAL);
 	}
 
@@ -1630,7 +1636,7 @@ ipfw_switch_tables_namespace(struct ip_fw_chain *ch, unsigned int sets)
 			no = ipfw_objhash_lookup_kidx(ni, kidx);
 
 			/* Check if both table object and rule has the set 0 */
-			if (no->set != 0 || rule->set != 0) {
+			if (!no || no->set != 0 || rule->set != 0) {
 				IPFW_UH_WUNLOCK(ch);
 				return (EBUSY);
 			}

sys/netpfil/ipfw/ip_fw_table_algo.c

@@ -3954,7 +3954,7 @@ ta_dump_kfib_tentry(void *ta_state, struct table_info *ti, void *e,
 
 	/* Guess IPv4/IPv6 radix by sockaddr family */
 #ifdef INET
-	if (addr->sin_family == AF_INET) {
+	if (addr && addr->sin_family == AF_INET) {
 		tent->k.addr.s_addr = addr->sin_addr.s_addr;
 		len = 32;
 		if (mask != NULL)
@@ -3967,7 +3967,7 @@ ta_dump_kfib_tentry(void *ta_state, struct table_info *ti, void *e,
 	}
 #endif
 #ifdef INET6
-	if (addr->sin_family == AF_INET6) {
+	if (addr && addr->sin_family == AF_INET6) {
 		addr6 = (struct sockaddr_in6 *)addr;
 		mask6 = (struct sockaddr_in6 *)mask;
 		memcpy(&tent->k, &addr6->sin6_addr, sizeof(struct in6_addr));