From e4ddd6cb6d499a7a705a7b1c2d05383c7808cf3b Mon Sep 17 00:00:00 2001
From: goldsimon <goldsimon@gmx.de>
Date: Wed, 30 Apr 2014 12:22:31 +0200
Subject: [PATCH 1/3] Multiple fixes found by coverity scan

---
 src/api/netdb.c      |  7 +------
 src/core/ipv4/igmp.c |  3 +++
 src/core/ipv6/mld6.c |  5 ++++-
 src/core/ipv6/nd6.c  | 13 +++++++------
 4 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/api/netdb.c b/src/api/netdb.c
index 6a4bac56..9f38ef91 100644
--- a/src/api/netdb.c
+++ b/src/api/netdb.c
@@ -314,7 +314,7 @@ lwip_getaddrinfo(const char *nodename, const char *servname,
     total_size <= NETDB_ELEM_SIZE);
   ai = (struct addrinfo *)memp_malloc(MEMP_NETDB);
   if (ai == NULL) {
-    goto memerr;
+    return EAI_MEMORY;
   }
   memset(ai, 0, total_size);
   sa = (struct sockaddr_in*)((u8_t*)ai + sizeof(struct addrinfo));
@@ -343,11 +343,6 @@ lwip_getaddrinfo(const char *nodename, const char *servname,
   *res = ai;
 
   return 0;
-memerr:
-  if (ai != NULL) {
-    memp_free(MEMP_NETDB, ai);
-  }
-  return EAI_MEMORY;
 }
 
 #endif /* LWIP_DNS && LWIP_SOCKET */
diff --git a/src/core/ipv4/igmp.c b/src/core/ipv4/igmp.c
index 2e79f545..6db7f913 100644
--- a/src/core/ipv4/igmp.c
+++ b/src/core/ipv4/igmp.c
@@ -704,6 +704,9 @@ igmp_start_timer(struct igmp_group *group, u8_t max_time)
   }
   /* ensure the random value is > 0 */
   group->timer = (LWIP_RAND() % max_time);
+  if (group->timer == 0) {
+    group->timer = 1;
+  }
 #else /* LWIP_RAND */
   /* ATTENTION: use this only if absolutely necessary! */
   group->timer = max_time / 2;
diff --git a/src/core/ipv6/mld6.c b/src/core/ipv6/mld6.c
index 78c3776a..0771f5c8 100644
--- a/src/core/ipv6/mld6.c
+++ b/src/core/ipv6/mld6.c
@@ -496,7 +496,10 @@ mld6_delayed_report(struct mld_group *group, u16_t maxresp)
 
 #ifdef LWIP_RAND
   /* Randomize maxresp. (if LWIP_RAND is supported) */
-  maxresp = (LWIP_RAND() % (maxresp - 1)) + 1;
+  maxresp = LWIP_RAND() % maxresp;
+  if (maxresp == 0) {
+    maxresp = 1;
+  }
 #endif /* LWIP_RAND */
 
   /* Apply timer value if no report has been scheduled already. */
diff --git a/src/core/ipv6/nd6.c b/src/core/ipv6/nd6.c
index da373bd3..7c65df36 100644
--- a/src/core/ipv6/nd6.c
+++ b/src/core/ipv6/nd6.c
@@ -455,24 +455,25 @@ nd6_input(struct pbuf *p, struct netif *inp)
 
         if (prefix_opt->flags & ND6_PREFIX_FLAG_ON_LINK) {
           /* Add to on-link prefix list. */
+          s8_t prefix;
 
           /* Get a memory-aligned copy of the prefix. */
           ip6_addr_set(ip6_current_dest_addr(), &(prefix_opt->prefix));
 
           /* find cache entry for this prefix. */
-          i = nd6_get_onlink_prefix(ip6_current_dest_addr(), inp);
-          if (i < 0) {
+          prefix = nd6_get_onlink_prefix(ip6_current_dest_addr(), inp);
+          if (prefix < 0) {
             /* Create a new cache entry. */
-            i = nd6_new_onlink_prefix(ip6_current_dest_addr(), inp);
+            prefix = nd6_new_onlink_prefix(ip6_current_dest_addr(), inp);
           }
-          if (i >= 0) {
-            prefix_list[i].invalidation_timer = prefix_opt->valid_lifetime;
+          if (prefix >= 0) {
+            prefix_list[prefix].invalidation_timer = prefix_opt->valid_lifetime;
 
 #if LWIP_IPV6_AUTOCONFIG
             if (prefix_opt->flags & ND6_PREFIX_FLAG_AUTONOMOUS) {
               /* Mark prefix as autonomous, so that address autoconfiguration can take place.
                * Only OR flag, so that we don't over-write other flags (such as ADDRESS_DUPLICATE)*/
-              prefix_list[i].flags |= ND6_PREFIX_AUTOCONFIG_AUTONOMOUS;
+              prefix_list[prefix].flags |= ND6_PREFIX_AUTOCONFIG_AUTONOMOUS;
             }
 #endif /* LWIP_IPV6_AUTOCONFIG */
           }

From 406874b6c2b242112018dcd05d88f58fb1de7e85 Mon Sep 17 00:00:00 2001
From: goldsimon <goldsimon@gmx.de>
Date: Wed, 30 Apr 2014 13:50:18 +0200
Subject: [PATCH 2/3] snmp: added missing default cases (only used for trace
 output)

---
 src/core/snmp/mib2.c    | 45 +++++++++++++++++++++++++++++++++++++++++
 src/core/snmp/msg_in.c  |  6 ++++++
 src/core/snmp/msg_out.c |  6 ++++++
 3 files changed, 57 insertions(+)

diff --git a/src/core/snmp/mib2.c b/src/core/snmp/mib2.c
index 0c9ba9f2..553b4de2 100644
--- a/src/core/snmp/mib2.c
+++ b/src/core/snmp/mib2.c
@@ -2198,6 +2198,9 @@ system_get_value(struct obj_def *od, u16_t len, void *value)
         *sint_ptr = sysservices;
       }
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("system_get_value(): unknown id: %d\n", id));
+      break;
   };
 }
 
@@ -2233,6 +2236,9 @@ system_set_test(struct obj_def *od, u16_t len, void *value)
         set_ok = 1;
       }
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("system_set_test(): unknown id: %d\n", id));
+      break;
   };
   return set_ok;
 }
@@ -2259,6 +2265,9 @@ system_set_value(struct obj_def *od, u16_t len, void *value)
       MEMCPY(syslocation_ptr, value, len);
       *syslocation_len_ptr = (u8_t)len;
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("system_set_value(): unknown id: %d\n", id));
+      break;
   };
 }
 
@@ -2579,6 +2588,9 @@ ifentry_get_value(struct obj_def *od, u16_t len, void *value)
     case 22: /* ifSpecific */
       MEMCPY(value, ifspecific.id, len);
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("ifentry_get_value(): unknown id: %d\n", id));
+      break;
   };
 }
 
@@ -2730,6 +2742,9 @@ atentry_get_value(struct obj_def *od, u16_t len, void *value)
           *dst = *ipaddr_ret;
         }
         break;
+      default:
+        LWIP_DEBUGF(SNMP_MIB_DEBUG,("atentry_get_value(): unknown id: %d\n", id));
+        break;
     }
   }
 #endif /* LWIP_ARP */
@@ -2942,6 +2957,9 @@ ip_get_value(struct obj_def *od, u16_t len, void *value)
         *uint_ptr = iproutingdiscards;
       }
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("ip_get_value(): unknown id: %d\n", id));
+      break;
   };
 }
 
@@ -2985,6 +3003,9 @@ ip_set_test(struct obj_def *od, u16_t len, void *value)
         set_ok = 1;
       }
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("ip_set_test(): unknown id: %d\n", id));
+      break;
   };
   return set_ok;
 }
@@ -3102,6 +3123,9 @@ ip_addrentry_get_value(struct obj_def *od, u16_t len, void *value)
 #endif
         }
         break;
+      default:
+        LWIP_DEBUGF(SNMP_MIB_DEBUG,("ip_addrentry_get_value(): unknown id: %d\n", id));
+        break;
     }
   }
 }
@@ -3323,6 +3347,9 @@ ip_rteentry_get_value(struct obj_def *od, u16_t len, void *value)
       case 13: /* ipRouteInfo */
         MEMCPY(value, iprouteinfo.id, len);
         break;
+      default:
+        LWIP_DEBUGF(SNMP_MIB_DEBUG,("ip_rteentry_get_value(): unknown id: %d\n", id));
+        break;
     }
   }
 }
@@ -3428,6 +3455,9 @@ ip_ntomentry_get_value(struct obj_def *od, u16_t len, void *value)
           *sint_ptr = 3;
         }
         break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("ip_ntomentry_get_value(): unknown id: %d\n", id));
+      break;
     }
   }
 #endif /* LWIP_ARP */
@@ -3546,6 +3576,9 @@ icmp_get_value(struct obj_def *od, u16_t len, void *value)
     case 26: /* icmpOutAddrMaskReps */
       *uint_ptr = icmpoutaddrmaskreps;
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("icmp_get_value(): unknown id: %d\n", id));
+      break;
   }
 }
 
@@ -3683,6 +3716,9 @@ tcp_get_value(struct obj_def *od, u16_t len, void *value)
     case 15: /* tcpOutRsts */
       *uint_ptr = tcpoutrsts;
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("tcp_get_value(): unknown id: %d\n", id));
+      break;
   }
 }
 #ifdef THIS_SEEMS_UNUSED
@@ -3803,6 +3839,9 @@ udp_get_value(struct obj_def *od, u16_t len, void *value)
     case 4: /* udpOutDatagrams */
       *uint_ptr = udpoutdatagrams;
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MIB_DEBUG,("udp_get_value(): unknown id: %d\n", id));
+      break;
   }
 }
 
@@ -3884,6 +3923,9 @@ udpentry_get_value(struct obj_def *od, u16_t len, void *value)
           *sint_ptr = pcb->local_port;
         }
         break;
+      default:
+        LWIP_DEBUGF(SNMP_MIB_DEBUG,("udpentry_get_value(): unknown id: %d\n", id));
+        break;
     }
   }
 }
@@ -4051,6 +4093,9 @@ snmp_get_value(struct obj_def *od, u16_t len, void *value)
       case 30: /* snmpEnableAuthenTraps */
         *uint_ptr = *snmpenableauthentraps_ptr;
         break;
+      default:
+        LWIP_DEBUGF(SNMP_MIB_DEBUG,("snmp_get_value(): unknown id: %d\n", id));
+        break;
   };
 }
 
diff --git a/src/core/snmp/msg_in.c b/src/core/snmp/msg_in.c
index be940c62..662deec9 100644
--- a/src/core/snmp/msg_in.c
+++ b/src/core/snmp/msg_in.c
@@ -1067,6 +1067,9 @@ snmp_pdu_header_check(struct pbuf *p, u16_t ofs, u16_t pdu_len, u16_t *ofs_ret,
   }
   switch (m_stat->error_status)
   {
+    case SNMP_ES_NOERROR:
+      /* nothing to do */
+      break;
     case SNMP_ES_TOOBIG:
       snmp_inc_snmpintoobigs();
       break;
@@ -1082,6 +1085,9 @@ snmp_pdu_header_check(struct pbuf *p, u16_t ofs, u16_t pdu_len, u16_t *ofs_ret,
     case SNMP_ES_GENERROR:
       snmp_inc_snmpingenerrs();
       break;
+    default:
+      LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_pdu_header_check(): unknown error_status: %d\n", m_stat->error_status));
+      break;
   }
   ofs += (1 + len_octets + len);
   snmp_asn1_dec_type(p, ofs, &type);
diff --git a/src/core/snmp/msg_out.c b/src/core/snmp/msg_out.c
index fc0807c5..4c70952b 100644
--- a/src/core/snmp/msg_out.c
+++ b/src/core/snmp/msg_out.c
@@ -149,6 +149,9 @@ snmp_send_response(struct snmp_msg_pstat *m_stat)
 
     switch (m_stat->error_status)
     {
+      case SNMP_ES_NOERROR:
+        /* nothing to do */
+        break;
       case SNMP_ES_TOOBIG:
         snmp_inc_snmpouttoobigs();
         break;
@@ -161,6 +164,9 @@ snmp_send_response(struct snmp_msg_pstat *m_stat)
       case SNMP_ES_GENERROR:
         snmp_inc_snmpoutgenerrs();
         break;
+      default:
+        LWIP_DEBUGF(SNMP_MSG_DEBUG, ("snmp_send_response(): unknown error_status: %d\n", m_stat->error_status));
+        break;
     }
     snmp_inc_snmpoutgetresponses();
     snmp_inc_snmpoutpkts();

From f9d80d5bd252b9be1fdedd8145e5820b1464491c Mon Sep 17 00:00:00 2001
From: Simon Goldschmidt <goldsimon@gmx.de>
Date: Wed, 30 Apr 2014 22:11:49 +0200
Subject: [PATCH 3/3] try to fix another warning from static code analysis

---
 src/core/snmp/mib_structs.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/core/snmp/mib_structs.c b/src/core/snmp/mib_structs.c
index 67c1f941..53ef1233 100644
--- a/src/core/snmp/mib_structs.c
+++ b/src/core/snmp/mib_structs.c
@@ -63,6 +63,11 @@ static struct nse node_stack[NODE_STACK_SIZE];
 static void
 push_node(struct nse* node)
 {
+  if (node->r_ptr == NULL) {
+    /* set uninitialized fields to known values */
+    node->r_id = 0;
+    node->r_nl = 0;
+  }
   LWIP_ASSERT("node_stack_cnt < NODE_STACK_SIZE",node_stack_cnt < NODE_STACK_SIZE);
   LWIP_DEBUGF(SNMP_MIB_DEBUG,("push_node() node=%p id=%"S32_F"\n",(void*)(node->r_ptr),node->r_id));
   if (node_stack_cnt < NODE_STACK_SIZE)