Fix Coverity Scan issues.

1436866
1436865
1436864
1436862
1436857
1436856
1436852
1436851

apps/db_dump/db_dump.c

@@ -156,7 +156,6 @@ static int dump__client_chunk_process(FILE *db_fd, uint32_t length)
  }
  if(rc){
  fprintf(stderr, "Error: Corrupt persistent database.");
- fclose(db_fd);
  return rc;
  }
 

apps/mosquitto_ctrl/dynsec.c

@@ -591,7 +591,11 @@ static cJSON *init_add_client(const char *username, const char *password, const
  }
 
  j_client = cJSON_CreateObject();
- if(j_client == NULL) return NULL;
+ if(j_client == NULL){
+ free(salt64);
+ free(hash64);
+ return NULL;
+ }
 
  snprintf(buf, sizeof(buf), "%d", PW_DEFAULT_ITERATIONS);
  if(cJSON_AddStringToObject(j_client, "username", username) == NULL
@@ -739,6 +743,7 @@ int dynsec_init(int argc, char *argv[])
  if(fptr){
  fprintf(fptr, "%s", json_str);
  free(json_str);
+ fclose(fptr);
  }else{
  free(json_str);
  fprintf(stderr, "dynsec init: Unable to open '%s' for writing.\n", filename);

apps/mosquitto_ctrl/options.c

@@ -525,6 +525,7 @@ int client_config_load(struct mosq_config *cfg)
  local_args = malloc(3*sizeof(char *));
  if(local_args == NULL){
  fprintf(stderr, "Error: Out of memory.\n");
+ fclose(fptr);
  return 1;
  }
  while(fgets(line, 1024, fptr)){

plugins/dynamic-security/plugin.c

@@ -17,6 +17,7 @@ and the Eclipse Distribution License is available at
 #include "config.h"
 
 #include <cJSON.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -343,6 +344,7 @@ static int dynsec__general_config_save(cJSON *tree)
 static int dynsec__config_load(void)
 {
  FILE *fptr;
+ long flen_l;
  size_t flen;
  char *json_str;
  cJSON *tree;
@@ -354,14 +356,24 @@ static int dynsec__config_load(void)
  }
 
  fseek(fptr, 0, SEEK_END);
- flen = (size_t)ftell(fptr);
+ flen_l = ftell(fptr);
+ if(flen_l < 0){
+ mosquitto_log_printf(MOSQ_LOG_WARNING, "Error loading Dynamic security plugin config: %s\n", strerror(errno));
+ fclose(fptr);
+ return 1;
+ }else if(flen_l == 0){
+ fclose(fptr);
+ return 0;
+ }
+ flen = (size_t)flen_l;
  fseek(fptr, 0, SEEK_SET);
  json_str = mosquitto_calloc(flen+1, sizeof(char));
  if(json_str == NULL){
  fclose(fptr);
  return 1;
  }
  if(fread(json_str, 1, flen, fptr) != flen){
+ mosquitto_free(json_str);
  fclose(fptr);
  return 1;
  }

plugins/dynamic-security/roles.c

@@ -668,6 +668,7 @@ int dynsec_roles__process_add_acl(cJSON *j_responses, struct mosquitto *context,
 
  acl = mosquitto_calloc(1, sizeof(struct dynsec__acl));
  if(acl == NULL){
+ mosquitto_free(topic);
  dynsec__command_reply(j_responses, context, "addRoleACL", "Internal error", correlation_data);
  return MOSQ_ERR_SUCCESS;
  }
@@ -833,9 +834,9 @@ int dynsec_roles__process_modify(cJSON *j_responses, struct mosquitto *context,
  struct dynsec__role *role;
  char *str;
  cJSON *j_acls;
- struct dynsec__acl *tmp_publish_c_send, *tmp_publish_c_recv;
- struct dynsec__acl *tmp_subscribe_literal, *tmp_subscribe_pattern;
- struct dynsec__acl *tmp_unsubscribe_literal, *tmp_unsubscribe_pattern;
+ struct dynsec__acl *tmp_publish_c_send = NULL, *tmp_publish_c_recv = NULL;
+ struct dynsec__acl *tmp_subscribe_literal = NULL, *tmp_subscribe_pattern = NULL;
+ struct dynsec__acl *tmp_unsubscribe_literal = NULL, *tmp_unsubscribe_pattern = NULL;
 
  if(json_get_string(command, "rolename", &rolename, false) != MOSQ_ERR_SUCCESS){
  dynsec__command_reply(j_responses, context, "modifyRole", "Invalid/missing rolename", correlation_data);