From 0812ee3af2c3db3ac5fd6ad34ffd39ffc718eb93 Mon Sep 17 00:00:00 2001
From: Alan Somers <asomers@FreeBSD.org>
Date: Wed, 6 Dec 2017 23:24:11 +0000
Subject: [PATCH] Fix a null-pointer dereference and a tautological check in
 cam_get_device

Reported by:	Coverity
CID:		1017964
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D13184
---
 lib/libcam/camlib.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/libcam/camlib.c b/lib/libcam/camlib.c
index 1f221456ca23..40242958bfaf 100644
--- a/lib/libcam/camlib.c
+++ b/lib/libcam/camlib.c
@@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/param.h>
+#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
@@ -132,6 +133,9 @@ cam_get_device(const char *path, char *dev_name, int devnamelen, int *unit)
 	 * it so we don't hose the user's string.
 	 */
 	newpath = (char *)strdup(path);
+	if (newpath == NULL)
+		return (-1);
+
 	tmpstr = newpath;
 
 	/*
@@ -140,8 +144,9 @@ cam_get_device(const char *path, char *dev_name, int devnamelen, int *unit)
 	if (*tmpstr == '/') {
 		tmpstr2 = tmpstr;
 		tmpstr = strrchr(tmpstr2, '/');
-		if ((tmpstr != NULL) && (*tmpstr != '\0'))
-			tmpstr++;
+		/* We know that tmpstr2 contains a '/', so strrchr can't fail */
+		assert(tmpstr != NULL && *tmpstr != '\0');
+		tmpstr++;
 	}
 
 	if (*tmpstr == '\0') {