Tweak various issues for static analysis.

For autocons, though it's copying from a static source, use strncpy anyway,
despite the length being hardcoded already.  This makes static analysis happier.

Terminate the buff with a NULL.  This is superfluous as the strcpies that preceed
are guaranteed to null terminate, or exit the program.

In clortho, free(tmps), which is a valid leak, though clortho isn't long running.
Also, explicitly return 0, which is ultimately returned by main().

Static analysis could not figure out that padneeded implies that keylen is short of
chunk size, so change the check to be expressly the scenario that static analysis
was worried about directly, rather than indirectly.

Hint to static analysis that we don't care about the time as a time value by masking the
lower 32 bit explicitly.  This was already happening, but static analysis was afraid
that we wanted this as time instead of just some mutating value.

confluent_osdeploy/utils/autocons.c

@@ -68,16 +68,16 @@ int main(int argc, char* argv[]) {
     }
     if (currspeed == SPEED9600) {
         cspeed = B9600;
-        strcpy(offset, ",9600");
+        strncpy(offset, ",9600", 6);
     } else if (currspeed == SPEED19200) {
         cspeed = B19200;
-        strcpy(offset, ",19200");
+        strncpy(offset, ",19200", 7);
     } else if (currspeed == SPEED57600) {
         cspeed = B57600;
-        strcpy(offset, ",57600");
+        strncpy(offset, ",57600", 7);
     } else if (currspeed == SPEED115200) {
         cspeed = B115200;
-        strcpy(offset, ",115200");
+        strncpy(offset, ",115200", 8);
     } else {
         exit(0);
     }
@@ -86,6 +86,7 @@ int main(int argc, char* argv[]) {
         cfsetospeed(&tty, cspeed);
         cfsetispeed(&tty, cspeed);
     }
+    buff[127] = 0;
     printf("%s\n", buff);
     tcgetattr(ttyf, &tty2);
     cfmakeraw(&tty2);

confluent_osdeploy/utils/clortho.c

@@ -90,6 +90,7 @@ int getpasshmac(int argc, char* argv[]) {
     tmps = genpasswd(16);
     memcpy(buffer, "$5$", 3);
     memcpy(buffer + 3, tmps, 16);
+    free(tmps);
     buffer[19] = 0;
     fwrite(passwd, 1, 48, outfile);
     fclose(outfile);
@@ -105,6 +106,7 @@ int getpasshmac(int argc, char* argv[]) {
     free(hmac64);
     free(passwd);
     free(buffer);
+    return 0;
 }
 
 int main(int argc, char* argv[]) {

confluent_osdeploy/utils/sha-256.c

@@ -3,7 +3,7 @@
 
 #define TOTAL_LEN_LEN 8
 
-void hmac_sha256(uint8_t* hmac, char* msg, int msglen, char* key, int keylen) {
+void hmac_sha256(uint8_t* hmac, char* msg, int msglen, char* key, unsigned int keylen) {
     uint8_t *scratch;
     uint8_t keyprime[SIZE_OF_SHA_256_CHUNK];
     uint8_t keymod[SIZE_OF_SHA_256_CHUNK];
@@ -15,7 +15,7 @@ void hmac_sha256(uint8_t* hmac, char* msg, int msglen, char* key, int keylen) {
         memcpy(keyprime, key, keylen);
     }
     padneeded = SIZE_OF_SHA_256_CHUNK - keylen;
-    if (padneeded) {
+    if (keylen < SIZE_OF_SHA_256_CHUNK) {
         memset(keyprime + keylen, 0, padneeded);
     }
     for (padneeded=0; padneeded < SIZE_OF_SHA_256_CHUNK; padneeded++) {

confluent_osdeploy/utils/sha-256.h

@@ -61,7 +61,7 @@ void calc_sha_256(uint8_t hash[SIZE_OF_SHA_256_HASH], const void *input, size_t
  *
  * @note If either of the passed pointers is NULL, the results are unpredictable.
  */
-void hmac_sha256(uint8_t* hmac, char* msg, int msglen, char* key, int keylen);
+void hmac_sha256(uint8_t* hmac, char* msg, int msglen, char* key, unsigned int keylen);
 void sha_256_init(struct Sha_256 *sha_256, uint8_t hash[SIZE_OF_SHA_256_HASH]);
 
 /*

confluent_osdeploy/utils/urlmount.c

@@ -49,7 +49,7 @@ void *http_rechecker(void *argp) {
     int tmpidx, tmpval;
     tmpidx = open("/dev/urandom", O_RDONLY);
     if (tmpidx <= 0 || read(tmpidx, (char*)&tmpval, 4) < 0)
-        tmpval = time(NULL);
+        tmpval = time(NULL) & 0xffffffff;
     if (tmpidx >= 0)
         close(tmpidx);
     srand(tmpval);