diff -up ypserv-2.24/lib/pidfile.c.staticanal ypserv-2.24/lib/pidfile.c --- ypserv-2.24/lib/pidfile.c.staticanal 2010-02-23 14:44:55.000000000 +0100 +++ ypserv-2.24/lib/pidfile.c 2011-03-30 15:07:59.603016625 +0200 @@ -40,6 +40,7 @@ create_pidfile (const char *filename, co log_msg ("cannot create pidfile %s", filename); if (debug_flag) log_msg ("\n"); + return; } lock.l_type = F_WRLCK; diff -up ypserv-2.24/lib/yp_db.c.staticanal ypserv-2.24/lib/yp_db.c --- ypserv-2.24/lib/yp_db.c.staticanal 2009-04-02 13:35:16.000000000 +0200 +++ ypserv-2.24/lib/yp_db.c 2011-03-30 15:07:59.604016623 +0200 @@ -56,6 +56,7 @@ _db_open (const char *domain, const char dbp = gdbm_open (buf, 0, GDBM_READER, 0, NULL); + /* This is a deadcode, because gdbm_cache_value is always negative */ if (dbp && gdbm_cache_value >= 0) gdbm_setopt(dbp, GDBM_CACHESIZE, &gdbm_cache_value, sizeof(int)); diff -up ypserv-2.24/lib/ypserv_conf.c.staticanal ypserv-2.24/lib/ypserv_conf.c --- ypserv-2.24/lib/ypserv_conf.c.staticanal 2008-04-15 15:04:47.000000000 +0200 +++ ypserv-2.24/lib/ypserv_conf.c 2011-03-30 15:07:59.605016621 +0200 @@ -64,7 +64,7 @@ getipnr (char *n, char *network, char *n m = strtok (n, "/"); - sscanf (m, "%s", buf); + sscanf (m, "%19s", buf); for (i = 0; i < strlen (buf); i++) if ((buf[i] < '0' || buf[i] > '9') && buf[i] != '.') @@ -172,7 +172,7 @@ load_ypserv_conf (const char *path) { FILE *in; char c, *cp; - char buf1[1025], buf2[1025], buf3[1025]; + char buf1[1025], buf2[1025]="", buf3[1025]; long line = 0; conffile_t *ptr = NULL, *work = NULL; char *filename = alloca (strlen (path) + sizeof ("/ypserv.conf") + 1); diff -up ypserv-2.24/makedbm/makedbm.c.staticanal ypserv-2.24/makedbm/makedbm.c --- ypserv-2.24/makedbm/makedbm.c.staticanal 2006-01-10 20:22:20.000000000 +0100 +++ ypserv-2.24/makedbm/makedbm.c 2011-03-30 15:07:59.608016615 +0200 @@ -458,6 +458,9 @@ create_file (char *fileName, char *dbmNa rename (filename, dbmName); #endif free (filename); + + if (strcmp (fileName, "-")) + fclose(input); } static void diff -up ypserv-2.24/revnetgroup/getnetgrent.c.staticanal ypserv-2.24/revnetgroup/getnetgrent.c --- ypserv-2.24/revnetgroup/getnetgrent.c.staticanal 2005-05-31 15:36:47.000000000 +0200 +++ ypserv-2.24/revnetgroup/getnetgrent.c 2011-03-30 15:07:59.609016613 +0200 @@ -243,6 +243,8 @@ rev_parse_entry (char *start, char *end, list->list = malloc (10 * sizeof (struct netgrentry)); if (NULL != list->list) list->maxmembers = 10; + else + return; } if (list->members == list->maxmembers) diff -up ypserv-2.24/rpc.yppasswdd/update.c.staticanal ypserv-2.24/rpc.yppasswdd/update.c --- ypserv-2.24/rpc.yppasswdd/update.c.staticanal 2010-09-24 11:44:20.000000000 +0200 +++ ypserv-2.24/rpc.yppasswdd/update.c 2011-03-30 15:07:59.610016611 +0200 @@ -433,6 +433,7 @@ update_files (yppasswd *yppw, char *logb log_msg ("%s failed", logbuf); log_msg ("Can't stat %s: %m", path_shadow); fclose (oldpf); + fclose (newpf); fclose (oldsf); return 1; } diff -up ypserv-2.24/rpc.yppasswdd/yppasswdd.c.staticanal ypserv-2.24/rpc.yppasswdd/yppasswdd.c --- ypserv-2.24/rpc.yppasswdd/yppasswdd.c.staticanal 2011-03-30 15:07:59.587016657 +0200 +++ ypserv-2.24/rpc.yppasswdd/yppasswdd.c 2011-03-30 15:07:59.612016607 +0200 @@ -378,6 +378,12 @@ main (int argc, char **argv) } umask(0); i = open("/dev/null", O_RDWR); + if (i == -1) + { + int err = errno; + log_msg ("rpc.yppasswdd: open /dev/null failed: %s\n", strerror (err)); + exit (err); + } if (dup(i) == -1) { int err = errno; diff -up ypserv-2.24/yphelper/yphelper.c.staticanal ypserv-2.24/yphelper/yphelper.c --- ypserv-2.24/yphelper/yphelper.c.staticanal 2005-05-31 11:14:40.000000000 +0200 +++ ypserv-2.24/yphelper/yphelper.c 2011-03-30 15:07:59.613016605 +0200 @@ -539,7 +539,7 @@ is_master (char *map, char *domain, char #if USE_FQDN struct hostent *hp = NULL; #endif - char *hostname, *domainname; + char *hostname, *domainname, *val; int ret; if (domain != NULL) @@ -580,11 +580,14 @@ is_master (char *map, char *domain, char #endif if (strcasecmp (hostname, - get_dbm_entry ("YP_MASTER_NAME", map, domainname)) == 0) + (val = get_dbm_entry ("YP_MASTER_NAME", map, domainname))) == 0) ret = 0; else ret = 1; + if (val) + free(val); + free(hostname); exit (ret); } diff -up ypserv-2.24/ypserv/server.c.staticanal ypserv-2.24/ypserv/server.c --- ypserv-2.24/ypserv/server.c.staticanal 2011-03-30 16:39:52.110206471 +0200 +++ ypserv-2.24/ypserv/server.c 2011-03-30 16:41:01.565147875 +0200 @@ -636,6 +636,12 @@ ypproc_xfr_2_svc (ypreq_xfr *argp, ypres umask (0); i = open ("/dev/null", O_RDWR); + if (i == -1) + { + int err = errno; + log_msg ("ypxfr execl(): %s", strerror (err)); + exit (err); + } if (dup (i) == -1) { int err = errno; @@ -828,6 +834,7 @@ ypproc_all_2_svc (ypreq_nokey *argp, ypr if (debug_flag) log_msg ("\t-> Ignored (not a valid domain)"); result->ypresp_all_u.val.stat = YP_NODOM; + break; case -4: if (debug_flag) log_msg ("\t-> Ignored (map does not exist)"); diff -up ypserv-2.24/ypserv/ypserv.c.staticanal ypserv-2.24/ypserv/ypserv.c --- ypserv-2.24/ypserv/ypserv.c.staticanal 2011-03-30 15:07:59.591016649 +0200 +++ ypserv-2.24/ypserv/ypserv.c 2011-03-30 15:07:59.615016601 +0200 @@ -417,6 +417,11 @@ main (int argc, char **argv) umask (0); i = open ("/dev/null", O_RDWR); + if (i == -1) + { + log_msg ("opening /dev/null failed: %s\n", strerror (errno)); + exit (1); + } if (dup (i) == -1) { log_msg ("dup failed: %s\n", strerror (errno)); diff -up ypserv-2.24/ypxfr/ypxfr.c.staticanal ypserv-2.24/ypxfr/ypxfr.c --- ypserv-2.24/ypxfr/ypxfr.c.staticanal 2011-03-30 15:07:59.584016663 +0200 +++ ypserv-2.24/ypxfr/ypxfr.c 2011-03-30 15:07:59.617016597 +0200 @@ -837,7 +837,11 @@ main (int argc, char **argv) if (target_domain == NULL) { - yp_get_default_domain (&target_domain); + if (yp_get_default_domain (&target_domain) != 0) + { + log_msg ("Cannot get default domain"); + exit (1); + } if (target_domain == NULL) {