From patchwork Tue May 9 21:21:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236164 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 32D1D1993C for ; Tue, 9 May 2023 21:23:41 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42EAA106D6 for ; Tue, 9 May 2023 14:23:24 -0700 (PDT) Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-64395e741fcso6509631b3a.2 for ; Tue, 09 May 2023 14:23:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667290; x=1686259290; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=/a1H5Uw7vjzJuOoJpULAG1rAFq0YE7GyjI2Q6kkpZiY=; b=WPMiEaRqTAWLmrn9/MHDHozgoWnJq3QeN0RuzFpcELM7oP+2AmJgYKkrNucsbT0BHt 6WHk0wenPlHtPX/RzaSsasJm812yBudcW+YxKQ458ld8LGkvqkrRff+xEp5o/pPYqxul +ydOuCPcvNPK+svBDSewW6EChDuArOxPfOSXBZ4P3JUT26Ma1GXrqqWffCMGAMrj1UkJ EV2+u6JtJLlk7xR7Ygn630I4TMoiyRHUNMYivr01ta/VbiC9Ob418c32RpDmFyicWiVj 9eDFxfwQuSR6TnQr4zUGXaGysxcK2LgZzyE37IwPmTjvAxDlbfiXDT5MXsW/WBOw3wtS uztg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667290; x=1686259290; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/a1H5Uw7vjzJuOoJpULAG1rAFq0YE7GyjI2Q6kkpZiY=; b=Q94uEvh39jcj1wm6AlwQB4fCZADibms0HfZWjxBHfGiSAFjd6e8Iu7oUFL0/4Lfi19 O9O1FD/cCdtJ8oC9efLIBK7u5ZXY74xCR0yUhhNRGom1b/eS17RS7KkGAyWq7n+m5LcF kpEiC6F0o/WsU10ADjBg+6jlr0qjP3wXZf2dfnQxI0C+6ge+FOQUmxIiutTDdJRoAl8R 3ngGbzPW9IaEGkrEJnKZBKvI6BvN+z9anrXwkXuUu6tv6LAwcfZeyyFhB25mX6PJ2a78 L0tQt86d97y4Q8HBmDHHyp1e4m0DeU07dWlS5w44ZbiesaLJlgRv/2T5HEeXGGGAdfSX 0mzw== X-Gm-Message-State: AC+VfDxsEGpGzckto3Tc2F+YOPtk5PKN4ad+7iCXzElTpBmqOXg9EN46 LXZ4YafTsnj8MejKk2PkvBOk5wlnp9oID0IyYKHcvA== X-Google-Smtp-Source: ACHHUZ4K9ptLq49KvxM8/ijqM6fmIdsCbfJCm7eDShE7jYdpWAPQMMuR/OvxjcSUlAjmiH2hieoWAQ== X-Received: by 2002:a05:6a00:1406:b0:62a:c1fa:b253 with SMTP id l6-20020a056a00140600b0062ac1fab253mr19105494pfu.31.1683667289805; Tue, 09 May 2023 14:21:29 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:29 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 01/11] lib/fs: fix file leak in task_get_name Date: Tue, 9 May 2023 14:21:15 -0700 Message-Id: <20230509212125.15880-2-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com Fixes the problem identified -fanalyzer. Why did rdma choose to reimplement the same function as exiting glibc pthread_getname(). fs.c: In function ‘get_task_name’: fs.c:355:12: warning: leak of FILE ‘f’ [CWE-775] [-Wanalyzer-file-leak] 355 | if (!fgets(name, len, f)) | ^ ‘get_task_name’: events 1-9 | | 345 | if (!pid) | | ^ | | | | | (1) following ‘false’ branch (when ‘pid != 0’)... |...... | 348 | if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path)) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(2) ...to here | | (3) following ‘false’ branch... |...... | 351 | f = fopen(path, "r"); | | ~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) opened here | 352 | if (!f) | | ~ | | | | | (6) assuming ‘f’ is non-NULL | | (7) following ‘false’ branch (when ‘f’ is non-NULL)... |...... | 355 | if (!fgets(name, len, f)) | | ~ ~~~~~~~~~~~~~~~~~~~ | | | | | | | (8) ...to here | | (9) following ‘true’ branch... | ‘get_task_name’: event 10 | |cc1: | (10): ...to here | ‘get_task_name’: event 11 | | 355 | if (!fgets(name, len, f)) | | ^ | | | | | (11) ‘f’ leaks here; was opened at (5) | fs.c:355:12: warning: leak of ‘f’ [CWE-401] [-Wanalyzer-malloc-leak] ‘get_task_name’: events 1-9 | | 345 | if (!pid) | | ^ | | | | | (1) following ‘false’ branch (when ‘pid != 0’)... |...... | 348 | if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path)) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(2) ...to here | | (3) following ‘false’ branch... |...... | 351 | f = fopen(path, "r"); | | ~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) allocated here | 352 | if (!f) | | ~ | | | | | (6) assuming ‘f’ is non-NULL | | (7) following ‘false’ branch (when ‘f’ is non-NULL)... |...... | 355 | if (!fgets(name, len, f)) | | ~ ~~~~~~~~~~~~~~~~~~~ | | | | | | | (8) ...to here | | (9) following ‘true’ branch... | ‘get_task_name’: event 10 | |cc1: | (10): ...to here | ‘get_task_name’: event 11 | | 355 | if (!fgets(name, len, f)) | | ^ | | | | | (11) ‘f’ leaks here; was allocated at (5) Fixes: 81bfd01a4c9e ("lib: move get_task_name() from rdma") Signed-off-by: Stephen Hemminger --- lib/fs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/fs.c b/lib/fs.c index 22d4af7583dd..7f4b159ccb65 100644 --- a/lib/fs.c +++ b/lib/fs.c @@ -352,8 +352,10 @@ int get_task_name(pid_t pid, char *name, size_t len) if (!f) return -1; - if (!fgets(name, len, f)) + if (!fgets(name, len, f)) { + fclose(f); return -1; + } /* comm ends in \n, get rid of it */ name[strcspn(name, "\n")] = '\0'; From patchwork Tue May 9 21:21:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236165 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02A5A16427 for ; Tue, 9 May 2023 21:24:08 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7114310A1D for ; Tue, 9 May 2023 14:23:48 -0700 (PDT) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-64115eef620so45606222b3a.1 for ; Tue, 09 May 2023 14:23:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667291; x=1686259291; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0qyY9vSMxUyGRonOCTI8WhaWai7ZHTiWjUcLExZFkG0=; b=H1hastndYW8J9JI09S6LwY8EKAx2GSoJCl29yBNEOnGVCoRGWxYTN2RFFtKwTF7OSN cVnLfVyqUbYUrcYGuPSsJXZqO87EV3jlosDwJrb9m+bZGm1ANS36fbeAgFJD36/NF0ZR RPZ/U66aWye9KIGDywUGVJ4xaWTjwHtiCs/ztiUwYecxHsRtrEijpCVfiazWqzrWGH0r 3U8mI3NTvMnuGFeAAH0X/ZeTYf3xrZBHoXF2MynCbjTkMoTnrQC5c+hV8TKdtQ24up/a GScXrhMdAnpTNfF1JFCGp6DN2q+UX5XrUhdtsaMyVABEZfyRg8/ZwjyJD8301dK7S094 e8rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667291; x=1686259291; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0qyY9vSMxUyGRonOCTI8WhaWai7ZHTiWjUcLExZFkG0=; b=QKn5Z6Q9m2PT3ucJi0U0IgIzZDzcZcK9qQafKi5CuHuvNkzRbF3igOW4BiRtOBqOhQ 5BBG20micV1tYxFi2ApSr7XCDYRLsmMukirQ37YoE471UO8IHUGdDlf2HHipJPd8oXCD 3rsA2CILrB6jx5UbAF36KS+LF10zF5D61/tzrvzyPqPjaD+8YwB16gWiiappW2K834tx qNKR9a+EpYg139SfOorNaGcrNpkxUktrb6nMNa3wXrQDhgaRn03x8da2YpbPI2oEZ5qd iqOnPooy3VKvM9q7P0iAQcQYIvxhKq2lCYBjW0YTy8tiZDig740bZzcBiyqNrGwXFq5s 2kwQ== X-Gm-Message-State: AC+VfDyJgvXJVSy+Wz38nin40rQv1XWspbDySz0jfD5foCG8c8yx68LA fusMWaA5xTrnYhBQpnJQbK8Zz5KRxssF6mPhLjidQQ== X-Google-Smtp-Source: ACHHUZ4wBdbrcLdzfxcdnB8CwRf931S+Nt3COFqYDJ3MRNvQ+AjM/Be18jrU1wkEoISDJhbhe0K/3w== X-Received: by 2002:a05:6a00:298e:b0:63c:b3be:9784 with SMTP id cj14-20020a056a00298e00b0063cb3be9784mr22294384pfb.3.1683667291174; Tue, 09 May 2023 14:21:31 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:30 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 02/11] ipmaddr: fix dereference of NULL on malloc() failure Date: Tue, 9 May 2023 14:21:16 -0700 Message-Id: <20230509212125.15880-3-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com Found by -fanalyzer. This is a bug since beginning of initial versions of ip multicast support (pre git). ipmaddr.c: In function ‘read_dev_mcast’: ipmaddr.c:105:25: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference] 105 | memcpy(ma, &m, sizeof(m)); | ^~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_multiaddr’: events 1-4 | | 354 | int do_multiaddr(int argc, char **argv) | | ^~~~~~~~~~~~ | | | | | (1) entry to ‘do_multiaddr’ | 355 | { | 356 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 357 | return multiaddr_list(0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘multiaddr_list’ from ‘do_multiaddr’ | +--> ‘multiaddr_list’: events 5-10 | | 255 | static int multiaddr_list(int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘multiaddr_list’ |...... | 262 | while (argc > 0) { | | ~~~~~~~~ | | | | | (6) following ‘false’ branch (when ‘argc <= 0’)... |...... | 275 | if (!filter.family || filter.family == AF_PACKET) | | ~ ~~~~~~~~~~~~~ | | | | | | | (7) ...to here | | (8) following ‘true’ branch... | 276 | read_dev_mcast(&list); | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (9) ...to here | | (10) calling ‘read_dev_mcast’ from ‘multiaddr_list’ | +--> ‘read_dev_mcast’: events 11-12 | | 82 | static void read_dev_mcast(struct ma_info **result_p) | | ^~~~~~~~~~~~~~ | | | | | (11) entry to ‘read_dev_mcast’ |...... | 87 | if (!fp) | | ~ | | | | | (12) following ‘false’ branch (when ‘fp’ is non-NULL)... | ‘read_dev_mcast’: event 13 | |cc1: | (13): ...to here | ‘read_dev_mcast’: events 14-17 | | 90 | while (fgets(buf, sizeof(buf), fp)) { | | ^~~~~ | | | | | (14) following ‘true’ branch... | 91 | char hexa[256]; | 92 | struct ma_info m = { .addr.family = AF_PACKET }; | | ~ | | | | | (15) ...to here |...... | 103 | struct ma_info *ma = malloc(sizeof(m)); | | ~~~~~~~~~~~~~~~~~ | | | | | (16) this call could return NULL | 104 | | 105 | memcpy(ma, &m, sizeof(m)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) ‘ma’ could be NULL: unchecked value from (16) | ipmaddr.c: In function ‘read_igmp’: ipmaddr.c:152:17: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference] 152 | memcpy(ma, &m, sizeof(m)); | ^~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_multiaddr’: events 1-4 | | 354 | int do_multiaddr(int argc, char **argv) | | ^~~~~~~~~~~~ | | | | | (1) entry to ‘do_multiaddr’ | 355 | { | 356 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 357 | return multiaddr_list(0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘multiaddr_list’ from ‘do_multiaddr’ | +--> ‘multiaddr_list’: events 5-10 | | 255 | static int multiaddr_list(int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘multiaddr_list’ |...... | 262 | while (argc > 0) { | | ~~~~~~~~ | | | | | (6) following ‘false’ branch (when ‘argc <= 0’)... |...... | 275 | if (!filter.family || filter.family == AF_PACKET) | | ~~~~~~~~~~~~~ | | | | | (7) ...to here | 276 | read_dev_mcast(&list); | 277 | if (!filter.family || filter.family == AF_INET) | | ~ | | | | | (8) following ‘true’ branch... | 278 | read_igmp(&list); | | ~~~~~~~~~~~~~~~~ | | | | | (9) ...to here | | (10) calling ‘read_igmp’ from ‘multiaddr_list’ | +--> ‘read_igmp’: events 11-14 | | 116 | static void read_igmp(struct ma_info **result_p) | | ^~~~~~~~~ | | | | | (11) entry to ‘read_igmp’ |...... | 126 | if (!fp) | | ~ | | | | | (12) following ‘false’ branch (when ‘fp’ is non-NULL)... | 127 | return; | 128 | if (!fgets(buf, sizeof(buf), fp)) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (13) ...to here | | (14) following ‘false’ branch... | ‘read_igmp’: event 15 | |cc1: | (15): ...to here | ‘read_igmp’: events 16-19 | | 133 | while (fgets(buf, sizeof(buf), fp)) { | | ^~~~~ | | | | | (16) following ‘true’ branch... |...... | 136 | if (buf[0] != '\t') { | | ~~~~~~ | | | | | (17) ...to here |...... | 151 | ma = malloc(sizeof(m)); | | ~~~~~~~~~~~~~~~~~ | | | | | (18) this call could return NULL | 152 | memcpy(ma, &m, sizeof(m)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (19) ‘ma’ could be NULL: unchecked value from (18) | ipmaddr.c: In function ‘read_igmp6’: ipmaddr.c:181:25: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference] 181 | memcpy(ma, &m, sizeof(m)); | ^~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_multiaddr’: events 1-4 | | 354 | int do_multiaddr(int argc, char **argv) | | ^~~~~~~~~~~~ | | | | | (1) entry to ‘do_multiaddr’ | 355 | { | 356 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 357 | return multiaddr_list(0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘multiaddr_list’ from ‘do_multiaddr’ | +--> ‘multiaddr_list’: events 5-10 | | 255 | static int multiaddr_list(int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘multiaddr_list’ |...... | 262 | while (argc > 0) { | | ~~~~~~~~ | | | | | (6) following ‘false’ branch (when ‘argc <= 0’)... |...... | 275 | if (!filter.family || filter.family == AF_PACKET) | | ~~~~~~~~~~~~~ | | | | | (7) ...to here |...... | 279 | if (!filter.family || filter.family == AF_INET6) | | ~ | | | | | (8) following ‘true’ branch... | 280 | read_igmp6(&list); | | ~~~~~~~~~~~~~~~~~ | | | | | (9) ...to here | | (10) calling ‘read_igmp6’ from ‘multiaddr_list’ | +--> ‘read_igmp6’: events 11-12 | | 159 | static void read_igmp6(struct ma_info **result_p) | | ^~~~~~~~~~ | | | | | (11) entry to ‘read_igmp6’ |...... | 164 | if (!fp) | | ~ | | | | | (12) following ‘false’ branch (when ‘fp’ is non-NULL)... | ‘read_igmp6’: event 13 | |cc1: | (13): ...to here | ‘read_igmp6’: events 14-17 | | 167 | while (fgets(buf, sizeof(buf), fp)) { | | ^~~~~ | | | | | (14) following ‘true’ branch... | 168 | char hexa[256]; | 169 | struct ma_info m = { .addr.family = AF_INET6 }; | | ~ | | | | | (15) ...to here |...... | 179 | struct ma_info *ma = malloc(sizeof(m)); | | ~~~~~~~~~~~~~~~~~ | | | | | (16) this call could return NULL | 180 | | 181 | memcpy(ma, &m, sizeof(m)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) ‘ma’ could be NULL: unchecked value from (16) | Signed-off-by: Stephen Hemminger --- ip/ipmaddr.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c index f8d6b992d254..a8ef20ec624a 100644 --- a/ip/ipmaddr.c +++ b/ip/ipmaddr.c @@ -102,6 +102,8 @@ static void read_dev_mcast(struct ma_info **result_p) if (len >= 0) { struct ma_info *ma = malloc(sizeof(m)); + if (ma == NULL) + break; memcpy(ma, &m, sizeof(m)); ma->addr.bytelen = len; ma->addr.bitlen = len<<3; @@ -149,6 +151,9 @@ static void read_igmp(struct ma_info **result_p) sscanf(buf, "%08x%d", (__u32 *)&m.addr.data, &m.users); ma = malloc(sizeof(m)); + if (ma == NULL) + break; + memcpy(ma, &m, sizeof(m)); maddr_ins(result_p, ma); } @@ -178,8 +183,10 @@ static void read_igmp6(struct ma_info **result_p) if (len >= 0) { struct ma_info *ma = malloc(sizeof(m)); - memcpy(ma, &m, sizeof(m)); + if (ma == NULL) + break; + memcpy(ma, &m, sizeof(m)); ma->addr.bytelen = len; ma->addr.bitlen = len<<3; maddr_ins(result_p, ma); From patchwork Tue May 9 21:21:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236158 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 422E219900 for ; Tue, 9 May 2023 21:23:04 +0000 (UTC) Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 748F3D048 for ; Tue, 9 May 2023 14:22:44 -0700 (PDT) Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-6435bbedb4fso6939572b3a.3 for ; Tue, 09 May 2023 14:22:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667292; x=1686259292; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=gm92ViUAYLKqPDDAyrxZT4UsjSYgVO31cUzdYID+F4o=; b=EXLEOW9mkZM4JgLxBx3tMZa8J7ZM5R9cJakWjJkDz1WfyKoZLOg/UIBYdax68ej5QN gxCwGO60eK0zTFQ43Bjmux6DJiJT4s5goMIUK9RMPP2/iZN/WVfB6jcMF6kSwK7WzxDd RDoCpoJqRCLWoQmJ9dxSLyFU243qnkquSTof+0grJWD6P23aL/1Do5yVtZx+oOV36svn ysdmRYf6YW+DAzL6oBS2KYRiq3bSROL0vq+cLIYj52Ln45SHLXRNV7zzN88UnimO7Xns rCeAsJtAq4F6DxfkC9A2fhkpc+n2qCatLrIaANI35DUE8Ti62twNn0L3V6AYi1yxbgap jDWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667292; x=1686259292; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gm92ViUAYLKqPDDAyrxZT4UsjSYgVO31cUzdYID+F4o=; b=AVrjcTvrnDvnHgo9Uw/JeI6H/OGVqT1KHBb2lNjdcxMe8iu9BKtdft2FucoVYFGfFT IxdxADN8mxQ0y5Sus2cr22Pp4sn/I5VE44bEczWWu5DzqddHNRnP07dAteyVoU3+8nHo 9/sFkvbsYq8Znfzj401/MYR92cqCuVIgzW0PibiibhcaIWjNUpVuN/1THSyJMR8Qy8xT 7HrDxhX+1pq8+a+7FzvRhplvL4W5sr/98YrDOHejBhRf2sTjOGkFXcPYuSWJUkk/fv9q SuJ0NsulEqURvp/+BKwRYg5KxHQnoLoVs+1mfixGGz1/YYI9HfqMbYP4DbNRDMF+ov9W SJLQ== X-Gm-Message-State: AC+VfDw5Kg0XSNklKyw7HOWqZeBqAlAvRbgfHkg5lo/4gUjIc7eUUeOU BlUn4rjdUXSUB8wW2i9uqJmutPdqGJ88gSSVlC3y1A== X-Google-Smtp-Source: ACHHUZ6Vq6w2pyIf1EtvrUk6fpzdjm5I8r3RQB2GKpyWrvwehjKEr8rcgq8aNz1XYLUC1Ek+raqY1Q== X-Received: by 2002:a05:6a00:2d25:b0:643:6b94:374b with SMTP id fa37-20020a056a002d2500b006436b94374bmr23530981pfb.1.1683667292358; Tue, 09 May 2023 14:21:32 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:31 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 03/11] iproute_lwtunnel: fix possible use of NULL when malloc() fails Date: Tue, 9 May 2023 14:21:17 -0700 Message-Id: <20230509212125.15880-4-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com iproute_lwtunnel.c: In function ‘parse_srh’: iproute_lwtunnel.c:903:9: warning: use of possibly-NULL ‘srh’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument] 903 | memset(srh, 0, srhlen); | ^~~~~~~~~~~~~~~~~~~~~~ ‘parse_srh’: events 1-2 | | 902 | srh = malloc(srhlen); | | ^~~~~~~~~~~~~~ | | | | | (1) this call could return NULL | 903 | memset(srh, 0, srhlen); | | ~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) argument 1 (‘srh’) from (1) could be NULL where non-null expected | In file included from iproute_lwtunnel.c:13: /usr/include/string.h:61:14: note: argument 1 of ‘memset’ must be non-null 61 | extern void *memset (void *__s, int __c, size_t __n) __THROW __nonnull ((1)); | ^~~~~~ iproute_lwtunnel.c: In function ‘parse_encap_seg6’: iproute_lwtunnel.c:980:9: warning: use of possibly-NULL ‘tuninfo’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument] 980 | memset(tuninfo, 0, sizeof(*tuninfo) + srhlen); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ‘parse_encap_seg6’: events 1-2 | | 934 | static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp, | | ^~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘parse_encap_seg6’ |...... | 976 | srh = parse_srh(segbuf, hmac, encap); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) calling ‘parse_srh’ from ‘parse_encap_seg6’ | +--> ‘parse_srh’: events 3-5 | | 882 | static struct ipv6_sr_hdr *parse_srh(char *segbuf, int hmac, bool encap) | | ^~~~~~~~~ | | | | | (3) entry to ‘parse_srh’ |...... | 922 | if (hmac) { | | ~ | | | | | (4) following ‘false’ branch (when ‘hmac == 0’)... |...... | 931 | return srh; | | ~~~ | | | | | (5) ...to here | <------+ | ‘parse_encap_seg6’: events 6-8 | | 976 | srh = parse_srh(segbuf, hmac, encap); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) returning to ‘parse_encap_seg6’ from ‘parse_srh’ |...... | 979 | tuninfo = malloc(sizeof(*tuninfo) + srhlen); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) this call could return NULL | 980 | memset(tuninfo, 0, sizeof(*tuninfo) + srhlen); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) argument 1 (‘tuninfo’) from (7) could be NULL where non-null expected | /usr/include/string.h:61:14: note: argument 1 of ‘memset’ must be non-null 61 | extern void *memset (void *__s, int __c, size_t __n) __THROW __nonnull ((1)); | ^~~~~~ iproute_lwtunnel.c: In function ‘parse_rpl_srh’: iproute_lwtunnel.c:1018:21: warning: dereference of possibly-NULL ‘srh’ [CWE-690] [-Wanalyzer-possible-null-dereference] 1018 | srh->hdrlen = (srhlen >> 3) - 1; | ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ ‘parse_rpl_srh’: events 1-2 | | 1016 | srh = calloc(1, srhlen); | | ^~~~~~~~~~~~~~~~~ | | | | | (1) this call could return NULL | 1017 | | 1018 | srh->hdrlen = (srhlen >> 3) - 1; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) ‘srh’ could be NULL: unchecked value from (1) | Fixes: 00e76d4da37f ("iproute: add helper functions for SRH processing") Signed-off-by: Stephen Hemminger --- ip/iproute_lwtunnel.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c index 308178efe054..96de3b207ef4 100644 --- a/ip/iproute_lwtunnel.c +++ b/ip/iproute_lwtunnel.c @@ -900,6 +900,9 @@ static struct ipv6_sr_hdr *parse_srh(char *segbuf, int hmac, bool encap) srhlen += 40; srh = malloc(srhlen); + if (srh == NULL) + return NULL; + memset(srh, 0, srhlen); srh->hdrlen = (srhlen >> 3) - 1; @@ -935,14 +938,14 @@ static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp, char ***argvp) { int mode_ok = 0, segs_ok = 0, hmac_ok = 0; - struct seg6_iptunnel_encap *tuninfo; + struct seg6_iptunnel_encap *tuninfo = NULL; struct ipv6_sr_hdr *srh; char **argv = *argvp; char segbuf[1024] = ""; int argc = *argcp; int encap = -1; __u32 hmac = 0; - int ret = 0; + int ret = -1; int srhlen; while (argc > 0) { @@ -974,9 +977,13 @@ static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp, } srh = parse_srh(segbuf, hmac, encap); + if (srh == NULL) + goto out; srhlen = (srh->hdrlen + 1) << 3; tuninfo = malloc(sizeof(*tuninfo) + srhlen); + if (tuninfo == NULL) + goto out; memset(tuninfo, 0, sizeof(*tuninfo) + srhlen); tuninfo->mode = encap; @@ -984,13 +991,12 @@ static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp, memcpy(tuninfo->srh, srh, srhlen); if (rta_addattr_l(rta, len, SEG6_IPTUNNEL_SRH, tuninfo, - sizeof(*tuninfo) + srhlen)) { - ret = -1; + sizeof(*tuninfo) + srhlen)) goto out; - } *argcp = argc + 1; *argvp = argv - 1; + ret = 0; out: free(tuninfo); @@ -1014,6 +1020,8 @@ static struct ipv6_rpl_sr_hdr *parse_rpl_srh(char *segbuf) srhlen = 8 + 16 * nsegs; srh = calloc(1, srhlen); + if (srh == NULL) + return NULL; srh->hdrlen = (srhlen >> 3) - 1; srh->type = 3; From patchwork Tue May 9 21:21:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236157 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4231719933 for ; Tue, 9 May 2023 21:23:04 +0000 (UTC) Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 74B3DD2FF for ; Tue, 9 May 2023 14:22:44 -0700 (PDT) Received: by mail-pf1-x436.google.com with SMTP id d2e1a72fcca58-643bb9cdd6eso3976873b3a.1 for ; Tue, 09 May 2023 14:22:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667293; x=1686259293; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ycXfe3kBqmm2tf9gpohySSc0Cel6lk/s2F5OjMdAV5c=; b=pax9Y1Z9EjpU7/CfHl1Lrdmi66hL3x4vvdjLzN2nB/kq0lQB2DVHfJUbOxpMguBD7a Fx+R+oCBZ1uCvUcyUsmPuYRhVFZ3Obg0MCT0izHeEUep5wDeiNXy/10H6WrTybhwSw12 np02RqY5Jb1r5mJyRwxuIlMmkWkiS2h+URe+u0vb2u+AA0PaHP6aFlsYVgQHyOIklHy8 md9z0J9A7PCr/cM212DG2lnfn9ezqK8k1g1W1YCyzYkX2dwOEQIW+eepWUjwmLtLVrsR IfQhK5+3UT60XV2CZLAsmXyQ/MTdZmR2vAmVfCPyVWFqt/DWRcOF8hpxSTkEWvkFumHp pViQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667293; x=1686259293; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ycXfe3kBqmm2tf9gpohySSc0Cel6lk/s2F5OjMdAV5c=; b=Co9EqzqDvsPGJAsMXK/CRue1cuqQEVR6snoTxXXeR0uQoHgxOSEm0lT/FshVwZW9sp j5OFMfhsYtpha14GfvaSbDuhtwXgjPSE6oV16BgUYDek9sA+7IAHB9hS5i1mKHJur7yY C3xtrN9DYcbmdPprXQD4OEYWCwKCiQEV54khIFZ1JBZEdZwnHG7qRo+Zk1/Bp24Jmh+Q 4g7NkcLT1ggFgUdavJOdnR769p+Q1Il4hnznlr7FwB2G1faPMfbBZkqOMyRPDUn2qi80 y3rY0VwPkfdRrqQh1ETGoj+dxSby2vqGWncwuPC/dPQJj0zHNoLV1n0QaVc1i5Cw3+dH 6qGg== X-Gm-Message-State: AC+VfDz0S6W+5yDJu2FM0sdskxKt0lzx+C20dg2bYRnPQG4WxeOizaoL 9i0HHQuEOaE1zmKsUr0VK4KTqmD7F85YUMj8TWsWEw== X-Google-Smtp-Source: ACHHUZ742ybShdU5ez3eGjQPnA6x03n3cCMK9fK7mCxnLZ4VvWnuwggn8OELObxOgpOHT8MnBnEYTQ== X-Received: by 2002:a05:6a00:188d:b0:636:f899:46a0 with SMTP id x13-20020a056a00188d00b00636f89946a0mr20858232pfh.15.1683667293441; Tue, 09 May 2023 14:21:33 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:32 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 04/11] tc_filter: fix unitialized warning Date: Tue, 9 May 2023 14:21:18 -0700 Message-Id: <20230509212125.15880-5-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com When run with -fanalyzer. tc_filter.c: In function ‘tc_filter_list’: tc_filter.c:718:17: warning: use of uninitialized value ‘chain_index’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 718 | addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_chain’: events 1-4 | | 772 | int do_chain(int argc, char **argv) | | ^~~~~~~~ | | | | | (1) entry to ‘do_chain’ | 773 | { | 774 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 775 | return tc_filter_list(RTM_GETCHAIN, 0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘tc_filter_list’ from ‘do_chain’ | +--> ‘tc_filter_list’: events 5-8 | | 582 | static int tc_filter_list(int cmd, int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘tc_filter_list’ |...... | 597 | __u32 chain_index; | | ~~~~~~~~~~~ | | | | | (6) region created on stack here | | (7) capacity: 4 bytes |...... | 601 | while (argc > 0) { | | ~~~~~~~~ | | | | | (8) following ‘false’ branch (when ‘argc <= 0’)... | ‘tc_filter_list’: event 9 | |../include/uapi/linux/pkt_sched.h:72:35: | 72 | #define TC_H_MAKE(maj,min) (((maj)&TC_H_MAJ_MASK)|((min)&TC_H_MIN_MASK)) | | ~~~~~~^~~~~~~~~~~~~~~ | | | | | (9) ...to here tc_filter.c:698:26: note: in expansion of macro ‘TC_H_MAKE’ | 698 | req.t.tcm_info = TC_H_MAKE(prio<<16, protocol); | | ^~~~~~~~~ | ‘tc_filter_list’: events 10-16 | | 702 | if (d[0]) { | | ^ | | | | | (10) following ‘false’ branch... |...... | 707 | } else if (block_index) { | | ~~~~~~~~~~~~ | | || | | |(11) ...to here | | (12) following ‘false’ branch... |...... | 717 | if (filter_chain_index_set) | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(13) ...to here | | (14) following ‘true’ branch... | 718 | addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (15) ...to here | | (16) use of uninitialized value ‘chain_index’ here | tc_filter.c:718:17: warning: use of uninitialized value ‘chain_index’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 718 | addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_filter’: events 1-4 | | 744 | int do_filter(int argc, char **argv) | | ^~~~~~~~~ | | | | | (1) entry to ‘do_filter’ | 745 | { | 746 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 747 | return tc_filter_list(RTM_GETTFILTER, 0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘tc_filter_list’ from ‘do_filter’ | +--> ‘tc_filter_list’: events 5-8 | | 582 | static int tc_filter_list(int cmd, int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘tc_filter_list’ |...... | 597 | __u32 chain_index; | | ~~~~~~~~~~~ | | | | | (6) region created on stack here | | (7) capacity: 4 bytes |...... | 601 | while (argc > 0) { | | ~~~~~~~~ | | | | | (8) following ‘false’ branch (when ‘argc <= 0’)... | ‘tc_filter_list’: event 9 | |../include/uapi/linux/pkt_sched.h:72:35: | 72 | #define TC_H_MAKE(maj,min) (((maj)&TC_H_MAJ_MASK)|((min)&TC_H_MIN_MASK)) | | ~~~~~~^~~~~~~~~~~~~~~ | | | | | (9) ...to here tc_filter.c:698:26: note: in expansion of macro ‘TC_H_MAKE’ | 698 | req.t.tcm_info = TC_H_MAKE(prio<<16, protocol); | | ^~~~~~~~~ | ‘tc_filter_list’: events 10-16 | | 702 | if (d[0]) { | | ^ | | | | | (10) following ‘false’ branch... |...... | 707 | } else if (block_index) { | | ~~~~~~~~~~~~ | | || | | |(11) ...to here | | (12) following ‘false’ branch... |...... | 717 | if (filter_chain_index_set) | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(13) ...to here | | (14) following ‘true’ branch... | 718 | addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (15) ...to here | | (16) use of uninitialized value ‘chain_index’ here | Signed-off-by: Stephen Hemminger --- tc/tc_filter.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tc/tc_filter.c b/tc/tc_filter.c index 700a09f62882..a1203c73738a 100644 --- a/tc/tc_filter.c +++ b/tc/tc_filter.c @@ -70,7 +70,7 @@ static int tc_filter_modify(int cmd, unsigned int flags, int argc, char **argv) __u32 protocol = 0; int protocol_set = 0; __u32 block_index = 0; - __u32 chain_index; + __u32 chain_index = 0; int chain_index_set = 0; char *fhandle = NULL; char d[IFNAMSIZ] = {}; @@ -594,7 +594,6 @@ static int tc_filter_list(int cmd, int argc, char **argv) char d[IFNAMSIZ] = {}; __u32 prio = 0; __u32 protocol = 0; - __u32 chain_index; __u32 block_index = 0; char *fhandle = NULL; @@ -676,6 +675,8 @@ static int tc_filter_list(int cmd, int argc, char **argv) protocol = res; filter_protocol = protocol; } else if (matches(*argv, "chain") == 0) { + __u32 chain_index; + NEXT_ARG(); if (filter_chain_index_set) duparg("chain", *argv); @@ -715,7 +716,7 @@ static int tc_filter_list(int cmd, int argc, char **argv) } if (filter_chain_index_set) - addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); + addattr32(&req.n, sizeof(req), TCA_CHAIN, filter_chain_index); if (brief) { struct nla_bitfield32 flags = { From patchwork Tue May 9 21:21:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236162 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC2BF182DB for ; Tue, 9 May 2023 21:23:07 +0000 (UTC) Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79A54D2E1 for ; Tue, 9 May 2023 14:22:49 -0700 (PDT) Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-64115eef620so45606495b3a.1 for ; Tue, 09 May 2023 14:22:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667295; x=1686259295; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wGAQF6ZyT4RZ3bVmBNWGKTuWkFpmHEXY2H7+E4jYjss=; b=jI7Q/WsVsYyawNxhaz9xobTX+OShOmpdUuGvTyKIyVbAAxSP8LXp/EhrMqCzikysZ4 E+ASGZz9jIS1opzufPMaqBEf2HieaXjfXr4dHTff0mr4OD6HIV9fyrIBBoRer3ViUmDu Ezbe+D1fDYL5sH30oLXBXZ4QQha472VEBx/hxaqlTq3sVc90LCZZhgN/Br+zeQHJea+i J6q9q97JLPmbt2E0FCLDSwNZoG/1UvUG0QN838G27FRymxVHBs1TmmNhb7TbDCZtJk4i 4Gw/GsovdDKpEUrv2m2g4EBnjDdN7/OUEIS67DzPnSw9V1FQP0UczqxqYSeihCYLhdp2 vabw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667295; x=1686259295; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wGAQF6ZyT4RZ3bVmBNWGKTuWkFpmHEXY2H7+E4jYjss=; b=Cm0CHuMsCpuODRL4BfeQdGqlTzoxoRXBxq2Sr6rihYk+sppLEUhcRd7xUT4XoYjBlE DSKUKFx3wwOdU95OHzUBIy0J6FgJpy7yVG0hXzlY1nOUZQMkpMj4sLI0vtVxW2p8gXVj Af3vtnZOEyQh25e4MU7BwF6RX+hd16/+MYGT7aLSbb2ftHv5bB0uL7petnk5/qrN+hU4 C27TlHSpTCwipuHloBycIeqf2nS8+cI/MZmymdVcBSQQ7Sd3H1qoeh3ITO0ohr3s/WrY E0tXpr37d8xw+iXCN7b/ONlOWOoLxWLOolf1WXT9Js2+kbIm6jR+ceQU14iDSHqiy/I/ yyhg== X-Gm-Message-State: AC+VfDxrkprudDxmHFGAe/CHLUwnc0/YdcUkBY9xj8GItmPRCT5BfGXJ vr8v0uvBXzXd0zeEWF0F/faIxF29yJ0Pi0fHqwHzng== X-Google-Smtp-Source: ACHHUZ7y4mUM5rasm+aDaBVtxL34h6c6HBi97cHR5bP5l38/lgX7ozkMr3AoF0uDo9rXdGj2WzOgeQ== X-Received: by 2002:a05:6a20:441c:b0:101:6908:2b03 with SMTP id ce28-20020a056a20441c00b0010169082b03mr3414236pzb.25.1683667295182; Tue, 09 May 2023 14:21:35 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:34 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 05/11] tc_util fix unitialized warning Date: Tue, 9 May 2023 14:21:19 -0700 Message-Id: <20230509212125.15880-6-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com tc_util.c: In function ‘parse_action_control_slash_spaces’: tc_util.c:488:28: warning: use of uninitialized value ‘result2’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 488 | *result2_p = result2; | ~~~~~~~~~~~^~~~~~~~~ ‘parse_action_control_slash_spaces’: events 1-5 | | 455 | static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘parse_action_control_slash_spaces’ |...... | 461 | int result1 = -1, result2; | | ~~~~~~~ | | | | | (2) region created on stack here | | (3) capacity: 4 bytes |...... | 467 | switch (ok) { | | ~~~~~~ | | | | | (4) following ‘case 0:’ branch... |...... | 475 | ret = parse_action_control(&argc, &argv, | | ~ | | | | | (5) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’ | +--> ‘parse_action_control’: events 6-7 | | 432 | return __parse_action_control(argc_p, argv_p, result_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) ...to here | | (7) calling ‘__parse_action_control’ from ‘parse_action_control_slash_spaces’ | 433 | allow_num, false); | | ~~~~~~~~~~~~~~~~~ | ‘__parse_action_control’: events 8-11 | | 371 | static int __parse_action_control(int *argc_p, char ***argv_p, int *result_p, | | ^~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) entry to ‘__parse_action_control’ |...... | 378 | if (!argc) | | ~ | | | | | (9) following ‘false’ branch (when ‘argc != 0’)... | 379 | return -1; | 380 | if (action_a2n(*argv, &result, allow_num) == -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (10) ...to here | | (11) calling ‘action_a2n’ from ‘__parse_action_control’ | +--> ‘action_a2n’: events 12-16 | | 335 | int action_a2n(char *arg, int *result, bool allow_num) | | ^~~~~~~~~~ | | | | | (12) entry to ‘action_a2n’ |...... | 356 | for (iter = a2n; iter->a; iter++) { | | ~~~~ | | | | | (13) following ‘true’ branch... | 357 | if (matches(arg, iter->a) != 0) | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (14) ...to here |...... | 366 | if (result) | | ~ | | | | | (15) following ‘true’ branch (when ‘result’ is non-NULL)... | 367 | *result = n; | | ~~~~~~~~~~~ | | | | | (16) ...to here | <------+ | ‘__parse_action_control’: event 17 | | 380 | if (action_a2n(*argv, &result, allow_num) == -1) { | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) returning to ‘__parse_action_control’ from ‘action_a2n’ | <------+ | ‘parse_action_control_slash_spaces’: event 18 | | 475 | ret = parse_action_control(&argc, &argv, | | ^ | | | | | (18) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’ | +--> ‘parse_action_control’: event 19 | | 432 | return __parse_action_control(argc_p, argv_p, result_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (19) returning to ‘parse_action_control_slash_spaces’ from ‘__parse_action_control’ | 433 | allow_num, false); | | ~~~~~~~~~~~~~~~~~ | <------+ | ‘parse_action_control_slash_spaces’: events 20-24 | | 477 | if (ret) | | ^ | | | | | (20) following ‘false’ branch... | 478 | return ret; | 479 | ok++; | | ~~~~ | | | | | (21) ...to here |...... | 487 | if (ok == 2) | | ~ | | | | | (22) following ‘true’ branch (when ‘ok == 2’)... | 488 | *result2_p = result2; | | ~~~~~~~~~~~~~~~~~~~~ | | | | | (23) ...to here | | (24) use of uninitialized value ‘result2’ here | tc_util.c:488:28: warning: use of uninitialized value ‘result2’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 488 | *result2_p = result2; | ~~~~~~~~~~~^~~~~~~~~ ‘parse_action_control_slash’: events 1-5 | | 505 | int parse_action_control_slash(int *argc_p, char ***argv_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘parse_action_control_slash’ |...... | 510 | char *p = strchr(*argv, '/'); | | ~~~~~~~~~~~~~~~~~~ | | | | | (2) when ‘strchr’ returns NULL | 511 | | 512 | if (!p) | | ~ | | | | | (3) following ‘true’ branch (when ‘p’ is NULL)... | 513 | return parse_action_control_slash_spaces(argc_p, argv_p, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) calling ‘parse_action_control_slash_spaces’ from ‘parse_action_control_slash’ | 514 | result1_p, result2_p, | | ~~~~~~~~~~~~~~~~~~~~~ | 515 | allow_num); | | ~~~~~~~~~~ | +--> ‘parse_action_control_slash_spaces’: events 6-10 | | 455 | static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) entry to ‘parse_action_control_slash_spaces’ |...... | 461 | int result1 = -1, result2; | | ~~~~~~~ | | | | | (7) region created on stack here | | (8) capacity: 4 bytes |...... | 467 | switch (ok) { | | ~~~~~~ | | | | | (9) following ‘case 0:’ branch... |...... | 475 | ret = parse_action_control(&argc, &argv, | | ~ | | | | | (10) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’ | +--> ‘parse_action_control’: events 11-12 | | 432 | return __parse_action_control(argc_p, argv_p, result_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here | | (12) calling ‘__parse_action_control’ from ‘parse_action_control_slash_spaces’ | 433 | allow_num, false); | | ~~~~~~~~~~~~~~~~~ | ‘__parse_action_control’: events 13-16 | | 371 | static int __parse_action_control(int *argc_p, char ***argv_p, int *result_p, | | ^~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) entry to ‘__parse_action_control’ |...... | 378 | if (!argc) | | ~ | | | | | (14) following ‘false’ branch (when ‘argc != 0’)... | 379 | return -1; | 380 | if (action_a2n(*argv, &result, allow_num) == -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (15) ...to here | | (16) calling ‘action_a2n’ from ‘__parse_action_control’ | +--> ‘action_a2n’: events 17-21 | | 335 | int action_a2n(char *arg, int *result, bool allow_num) | | ^~~~~~~~~~ | | | | | (17) entry to ‘action_a2n’ |...... | 356 | for (iter = a2n; iter->a; iter++) { | | ~~~~ | | | | | (18) following ‘true’ branch... | 357 | if (matches(arg, iter->a) != 0) | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (19) ...to here |...... | 366 | if (result) | | ~ | | | | | (20) following ‘true’ branch (when ‘result’ is non-NULL)... | 367 | *result = n; | | ~~~~~~~~~~~ | | | | | (21) ...to here | <------+ | ‘__parse_action_control’: event 22 | | 380 | if (action_a2n(*argv, &result, allow_num) == -1) { | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (22) returning to ‘__parse_action_control’ from ‘action_a2n’ | <------+ | ‘parse_action_control_slash_spaces’: event 23 | | 475 | ret = parse_action_control(&argc, &argv, | | ^ | | | | | (23) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’ | +--> ‘parse_action_control’: event 24 | | 432 | return __parse_action_control(argc_p, argv_p, result_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (24) returning to ‘parse_action_control_slash_spaces’ from ‘__parse_action_control’ | 433 | allow_num, false); | | ~~~~~~~~~~~~~~~~~ | <------+ | ‘parse_action_control_slash_spaces’: events 25-29 | | 477 | if (ret) | | ^ | | | | | (25) following ‘false’ branch... | 478 | return ret; | 479 | ok++; | | ~~~~ | | | | | (26) ...to here |...... | 487 | if (ok == 2) | | ~ | | | | | (27) following ‘true’ branch (when ‘ok == 2’)... | 488 | *result2_p = result2; | | ~~~~~~~~~~~~~~~~~~~~ | | | | | (28) ...to here | | (29) use of uninitialized value ‘result2’ here | Fixes: e67aba559581 ("tc: actions: add helpers to parse and print control actions") Signed-off-by: Stephen Hemminger --- tc/tc_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tc/tc_util.c b/tc/tc_util.c index 0714134eb548..ed9efa70cabd 100644 --- a/tc/tc_util.c +++ b/tc/tc_util.c @@ -458,7 +458,7 @@ static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p, { int argc = *argc_p; char **argv = *argv_p; - int result1 = -1, result2; + int result1 = -1, result2 = -1; int *result_p = &result1; int ok = 0; int ret; From patchwork Tue May 9 21:21:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236166 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20BF419909 for ; Tue, 9 May 2023 21:30:15 +0000 (UTC) Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 57234D85C for ; Tue, 9 May 2023 14:29:42 -0700 (PDT) Received: by mail-io1-xd36.google.com with SMTP id ca18e2360f4ac-76c60c88d0cso65963239f.2 for ; Tue, 09 May 2023 14:29:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667718; x=1686259718; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KZVejeAnxoqLBX7omICtCCw3k65BATms4dJx0VY3K70=; b=vokvyQ0nLmHudReBje6R+fBfXv+97LwPhdEWYgaRAvrf7ryb6hxhrfVsVCJr4yHdqh 1KGi6tLmhBmJtlBLmiHdvo2SkmG3tJMrumxjZmwIzsWD+C/xp+7jiEUGfbKvssHC1rDX mIY4wIizaD8xk9dVdTn8Yg/YYGjvn7d0sCzvQJOhEZWUj2GzV5CiAV8REER3LUmsrCG5 YPesnY7MO8EuWN2Yv5ax+WkaU1nFKcs3pcDZyLSHc4PIAKd4yXxHk3+Qd5TheouJbOP4 QrlERFvjUaXsIxkJTSZcq8oPYzfLyQDr72koVbZYVMlbIIMcHsyqDTtWDykDmjGGPHhz ZUVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667718; x=1686259718; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KZVejeAnxoqLBX7omICtCCw3k65BATms4dJx0VY3K70=; b=euIoZuYnlQZGdQcpSL8RdJ5mPxgp4ixR0X/mbHbbJ+FpItwTPnxwrsO1cM/aH4cpsd 4367hAK4FJYOkZSphoeMtxGE53OeOSvfLc4EcDxR57hWKbA+uQKlK+PyFUGUFOkB054k cmJmpfhFgIwN8bhc3+WbS02d6OMU8PRCg3XX+E0RjQlIiGGQQNRD4uKAijmJeSBgng88 q4ppNmcSzciQETKMM2twvCimMHDxaOoUoXtYImc8GTvQ0fvDyEH6Nm8w12pJpvdQfmoJ 0OS9G5wPTMmsoHj+zbNlxz64rKcJYIMqrlbao2NXNA8A7kTpt/w/48M8+4dzl49y/XXw k8HA== X-Gm-Message-State: AC+VfDwf+VuV0+tPBMjgB3h3ChngrWQ2rqd47Wl6Mr+btDwjGypWmkSk 0ljaZHU1/e4wq+HKkQO9fS9sOgDsPy/80Nnh81tiPA== X-Google-Smtp-Source: ACHHUZ62qFk1so0jtsqQNfzuXZHuv4rBgcgqfFDT+bkhnRv/hFjL/7zDENZiutP3XEONeAHiA0YhVA== X-Received: by 2002:a05:6a00:1954:b0:645:4a3d:a14f with SMTP id s20-20020a056a00195400b006454a3da14fmr13759073pfk.29.1683667296246; Tue, 09 May 2023 14:21:36 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:35 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 06/11] tc_exec: don't dereference NULL on calloc failure Date: Tue, 9 May 2023 14:21:20 -0700 Message-Id: <20230509212125.15880-7-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com Reported as: tc_exec.c: In function ‘do_exec’: tc_exec.c:103:18: warning: dereference of NULL ‘eu’ [CWE-476] [-Wanalyzer-null-dereference] 103 | return eu->parse_eopt(eu, argc, argv); | ~~^~~~~~~~~~~~ ‘do_exec’: events 1-6 | | 81 | int do_exec(int argc, char **argv) | | ^~~~~~~ | | | | | (1) entry to ‘do_exec’ |...... | 86 | if (argc < 1) { | | ~ | | | | | (2) following ‘false’ branch (when ‘argc > 0’)... |...... | 91 | if (matches(*argv, "help") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(3) ...to here | | (4) following ‘true’ branch... |...... | 96 | strncpy(kind, *argv, sizeof(kind) - 1); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (5) ...to here | 97 | | 98 | eu = get_exec_kind(kind); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (6) calling ‘get_exec_kind’ from ‘do_exec’ | +--> ‘get_exec_kind’: events 7-10 | | 40 | static struct exec_util *get_exec_kind(const char *name) | | ^~~~~~~~~~~~~ | | | | | (7) entry to ‘get_exec_kind’ |...... | 63 | if (eu == NULL) | | ~ | | | | | (8) following ‘true’ branch (when ‘eu’ is NULL)... | 64 | goto noexist; | | ~~~~ | | | | | (9) ...to here |...... | 72 | if (eu) { | | ~ | | | | | (10) following ‘false’ branch (when ‘eu’ is NULL)... | ‘get_exec_kind’: event 11 | |cc1: | (11): ...to here | <------+ | ‘do_exec’: events 12-13 | | 98 | eu = get_exec_kind(kind); | | ^~~~~~~~~~~~~~~~~~~ | | | | | (12) return of NULL to ‘do_exec’ from ‘get_exec_kind’ |...... | 103 | return eu->parse_eopt(eu, argc, argv); | | ~~~~~~~~~~~~~~ | | | | | (13) dereference of NULL ‘eu’ | Fixes: 4bd624467bc6 ("tc: built-in eBPF exec proxy") Signed-off-by: Stephen Hemminger --- tc/tc_exec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tc/tc_exec.c b/tc/tc_exec.c index 5d8834029a0b..182fbb4c35c9 100644 --- a/tc/tc_exec.c +++ b/tc/tc_exec.c @@ -96,6 +96,10 @@ int do_exec(int argc, char **argv) strncpy(kind, *argv, sizeof(kind) - 1); eu = get_exec_kind(kind); + if (eu == NULL) { + fprintf(stderr, "Allocation failed finding exec\n"); + return -1; + } argc--; argv++; From patchwork Tue May 9 21:21:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236160 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA44D18C05 for ; Tue, 9 May 2023 21:23:07 +0000 (UTC) Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ACD4B3C0C for ; Tue, 9 May 2023 14:22:49 -0700 (PDT) Received: by mail-pf1-x429.google.com with SMTP id d2e1a72fcca58-6434e65d808so6780533b3a.3 for ; Tue, 09 May 2023 14:22:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667297; x=1686259297; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SyABgZ6kkWDM9JoBrAo/EnkL9KnbMq4g/Z4xY3yM2ZQ=; b=pX/z4o+5XnX25k5I3bZ18pMe1sMGxVUDHGW8CxilPyjK9AjGxC6VPV/hm/HxbveS+S 4SPJUXvcfhP6B7Fr5Ona+gFg2HhMk16Y/D+nQrnrolEvTveFoJQujdfsFtlGKG5NrDXc jqLnc2UJ/rBXDudX0Zv8tHQ9ztcavd9Y/4f25KYjKZi2eI450sleJX/FbVzzUdsnmDCF R2tUBgHPcWOr+gCEENdrFvreWgxURe84rIxlK9KAImvu2s/PQoQuIkpXjdmJQPThNrol tPvu6NX3Pj8i1y+Nsc3Pb5kSZOpeuq2Qx4Qk3Ub9tdlLRMx4ilS6IRpU1/FrvmiS3iM6 QIJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667297; x=1686259297; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SyABgZ6kkWDM9JoBrAo/EnkL9KnbMq4g/Z4xY3yM2ZQ=; b=aVIBMp3y+hITvC8vqKLAqriEYaf9sml7SJ+TkPdmZFr8c600+5Qx98L2NSrfkqd/ks x1ukAryf2B06JWOzqAmCyYq1qcGVk8j6h4OVs1RrnqgveHgFg6ROTZZQAX+xbvEmaEOR RVQii99sRMVOsjkZfc1Ps6AZXFJgw9a8LFmYXJ7eISA5V7/ey811gb+Sn4sWZmTlrJvW Pf0nwzgq0S4GAK7czG8Y8vMMDI1SLLXip/xvt2UddeOU3wM2rQGhwrY0x5aoEjuPiR8J 5E833+X0svR0wjrJOv6k3c+2BjjQ1C8Dao2C6lmrUJq2qa68PmXVB8jkrwtox9Oafy46 sITw== X-Gm-Message-State: AC+VfDzZChY90C1ByZ2CN1CyonWnoz7J5MA7sf+BxCCGVVckJqkr9kYI okQxfSVyG2gsP5Uqb3kxTobjXYLnZcgz/bMZL54t8Q== X-Google-Smtp-Source: ACHHUZ7ROC4EefvRI/FBEYFu8VTeasgV7dBendfU2De5jrRvP7wmS0afsJPQttlIKNcwkMGfQgx5dQ== X-Received: by 2002:a05:6a00:2189:b0:63d:4446:18ab with SMTP id h9-20020a056a00218900b0063d444618abmr18803912pfi.23.1683667297161; Tue, 09 May 2023 14:21:37 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:36 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 07/11] m_action: fix warning of overwrite of const string Date: Tue, 9 May 2023 14:21:21 -0700 Message-Id: <20230509212125.15880-8-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com The function get_action_kind() searches first for the given action, then rescans on failure for "gact". In the process, it would overwrite the argument. Avoid the warning by using a const argument and not copying. The problem dates back to pre-git history. m_action.c: In function ‘get_action_kind’: m_action.c:126:17: warning: write to string literal [-Wanalyzer-write-to-string-literal] 126 | strcpy(str, "gact"); | ^~~~~~~~~~~~~~~~~~~ ‘do_action’: events 1-6 | | 853 | int do_action(int argc, char **argv) | | ^~~~~~~~~ | | | | | (1) entry to ‘do_action’ |...... | 858 | while (argc > 0) { | | ~~~~~~~~ | | | | | (2) following ‘true’ branch... | 859 | | 860 | if (matches(*argv, "add") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(3) ...to here | | (4) following ‘false’ branch... | 861 | ret = tc_action_modify(RTM_NEWACTION, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (5) ...to here | | (6) calling ‘tc_action_modify’ from ‘do_action’ | 862 | NLM_F_EXCL | NLM_F_CREATE, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | 863 | &argc, &argv); | | ~~~~~~~~~~~~~ | +--> ‘tc_action_modify’: events 7-8 | | 715 | static int tc_action_modify(int cmd, unsigned int flags, | | ^~~~~~~~~~~~~~~~ | | | | | (7) entry to ‘tc_action_modify’ |...... | 735 | if (parse_action(&argc, &argv, TCA_ACT_TAB, &req.n)) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) calling ‘parse_action’ from ‘tc_action_modify’ | +--> ‘parse_action’: events 9-18 | | 203 | int parse_action(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) | | ^~~~~~~~~~~~ | | | | | (9) entry to ‘parse_action’ |...... | 217 | if (argc <= 0) | | ~ | | | | | (10) following ‘false’ branch... |...... | 220 | tail2 = addattr_nest(n, MAX_MSG, tca_id); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here | 221 | | 222 | while (argc > 0) { | | ~~~~~~~~ | | | | | (12) following ‘true’ branch... | 223 | | 224 | memset(k, 0, sizeof(k)); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here | 225 | | 226 | if (strcmp(*argv, "action") == 0) { | | ~ | | | | | (14) following ‘true’ branch (when the strings are equal)... | 227 | argc--; | | ~~~~~~ | | | | | (15) ...to here |...... | 231 | if (!gact_ld) | | ~ | | | | | (16) following ‘true’ branch... | 232 | get_action_kind("gact"); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) ...to here | | (18) calling ‘get_action_kind’ from ‘parse_action’ | +--> ‘get_action_kind’: events 19-24 | | 86 | static struct action_util *get_action_kind(char *str) | | ^~~~~~~~~~~~~~~ | | | | | (19) entry to ‘get_action_kind’ |...... | 114 | if (a == NULL) | | ~ | | | | | (20) following ‘true’ branch (when ‘a’ is NULL)... | 115 | goto noexist; | | ~~~~ | | | | | (21) ...to here |...... | 124 | if (!looked4gact) { | | ~ | | | | | (22) following ‘true’ branch (when ‘looked4gact == 0’)... | 125 | looked4gact = 1; | 126 | strcpy(str, "gact"); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (23) ...to here | | (24) write to string literal here | Signed-off-by: Stephen Hemminger --- tc/m_action.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tc/m_action.c b/tc/m_action.c index a446cabdb98c..16474c56118c 100644 --- a/tc/m_action.c +++ b/tc/m_action.c @@ -83,7 +83,7 @@ static int parse_noaopt(struct action_util *au, int *argc_p, return -1; } -static struct action_util *get_action_kind(char *str) +static struct action_util *get_action_kind(const char *str) { static void *aBODY; void *dlh; @@ -123,7 +123,7 @@ noexist: #ifdef CONFIG_GACT if (!looked4gact) { looked4gact = 1; - strcpy(str, "gact"); + str = "gact"; goto restart_s; } #endif From patchwork Tue May 9 21:21:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236167 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 376F31990E for ; Tue, 9 May 2023 21:30:33 +0000 (UTC) Received: from mail-ua1-x92b.google.com (mail-ua1-x92b.google.com [IPv6:2607:f8b0:4864:20::92b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 06C8F868D for ; Tue, 9 May 2023 14:30:02 -0700 (PDT) Received: by mail-ua1-x92b.google.com with SMTP id a1e0cc1a2514c-77d049b9040so32913254241.1 for ; Tue, 09 May 2023 14:30:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667749; x=1686259749; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PCAMuhT0Lspy7U+C4HPIny0OSgsSu/nIVqTyp9kVRMI=; b=pjRqHT/OJUB9NFrBFq2ZS1QKnlQVAxokPcMhIlmCZ1rtCJbAXX+GtnT9Dkpsazu8Js QyUHytLxW5ru2/7dxrMj2MQc8dEljK8wLFpR7ILMzJ11tzTXecA3sZHKfQbIatf3TiyN TRTOqZL85nC77b7ixazk4vPDxobY1wK6cgOLfpjIySZ8hPySPDHLI1cWEb8aEGYcvn/9 6veXBo/0SRUb12v0lXzwQshFhq81jbomMySftB5wwHIVRb33vFlTXDhNkdjRqcGv89uD pqq3Gd+fOzzWs7t2WJc9LPC5CgSuNsiUHmnj4XQTR3wpfzb9UHgTioMRSEbHUVJxxlQT XBzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667749; x=1686259749; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PCAMuhT0Lspy7U+C4HPIny0OSgsSu/nIVqTyp9kVRMI=; b=GuqUNF9oxX6iEm7LT4rrTNU+AR9Ll6/v/U3V1fB+7qobhCCh0WjagiMjcgSRY0SAhD Sc7GVeKvXhAogPb9w0qc76HpXjsL13uzi665bPm5/Oo1OJGQof4YLpzllSFX9tk1WmXB n/Mqx1fwDLx5X9QKhPnZUrzSGty9mogGWg8TMCffqmdZVRf5+aQE9pHcumgw6dl+/Wga f79zPPpBmJvY1c5bSJra/s+SayoNR23p9WiE96uQdGh0QUChg5epYVtQRJvQ0g5gs7fc 8hBIBy1li5qay/SV6Fk3Pcv17Uc/PmKOW11w78ly2tlRpE6z26UJNNYjIAUi8cWBgXeO YoIw== X-Gm-Message-State: AC+VfDyO7PbQoMu4W/UVBWeO1waZLJHgJyTMwPSIaZM9h1KUWGC9HRDI +Nva9FaQgqXx12vB2pfgzHj7FuDyP3jKsb7tyzGkKA== X-Google-Smtp-Source: ACHHUZ4zwvibGpTcZr6WzThk3ef//DNZJRHzy2x7uE807TapgO6jQJ/nxGgorMEI03PyqlR1CyicAg== X-Received: by 2002:a05:6a00:1ad1:b0:635:1770:beb7 with SMTP id f17-20020a056a001ad100b006351770beb7mr17408617pfv.14.1683667298038; Tue, 09 May 2023 14:21:38 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:37 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 08/11] netem: fix NULL deref on allocation failure Date: Tue, 9 May 2023 14:21:22 -0700 Message-Id: <20230509212125.15880-9-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com q_netem.c: In function ‘get_distribution’: q_netem.c:159:35: warning: dereference of possibly-NULL ‘data’ [CWE-690] [-Wanalyzer-possible-null-dereference] 159 | data[n++] = x; | ~~~~~~~~~~^~~ ‘netem_parse_opt’: events 1-24 | | 192 | static int netem_parse_opt(struct qdisc_util *qu, int argc, char **argv, | | ^~~~~~~~~~~~~~~ | | | | | (1) entry to ‘netem_parse_opt’ |...... | 212 | for ( ; argc > 0; --argc, ++argv) { | | ~~~~~~~~ | | | | | (2) following ‘true’ branch (when ‘argc > 0’)... | 213 | if (matches(*argv, "limit") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(3) ...to here | | (4) following ‘true’ branch... |...... | 219 | } else if (matches(*argv, "latency") == 0 || | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | | |(5) ...to here (8) following ‘true’ branch... | | (6) following ‘true’ branch... | 220 | matches(*argv, "delay") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here |...... | 243 | } else if (matches(*argv, "loss") == 0 || | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | | |(9) ...to here (12) following ‘true’ branch... | | (10) following ‘true’ branch... | 244 | matches(*argv, "drop") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here |...... | 366 | } else if (matches(*argv, "ecn") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(13) ...to here | | (14) following ‘true’ branch... | 367 | present[TCA_NETEM_ECN] = 1; | 368 | } else if (matches(*argv, "reorder") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(15) ...to here | | (16) following ‘true’ branch... |...... | 383 | } else if (matches(*argv, "corrupt") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(17) ...to here | | (18) following ‘true’ branch... |...... | 398 | } else if (matches(*argv, "gap") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(19) ...to here | | (20) following ‘true’ branch... |...... | 404 | } else if (matches(*argv, "duplicate") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(21) ...to here | | (22) following ‘true’ branch... |...... | 417 | } else if (matches(*argv, "distribution") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(23) ...to here | | (24) following ‘false’ branch... | ‘netem_parse_opt’: event 25 | |../include/utils.h:50:29: | 50 | #define NEXT_ARG() do { argv++; if (--argc <= 0) incomplete_command(); } while(0) | | ~~~~^~ | | | | | (25) ...to here q_netem.c:418:25: note: in expansion of macro ‘NEXT_ARG’ | 418 | NEXT_ARG(); | | ^~~~~~~~ | ‘netem_parse_opt’: event 26 | |../include/utils.h:50:36: | 50 | #define NEXT_ARG() do { argv++; if (--argc <= 0) incomplete_command(); } while(0) | | ^ | | | | | (26) following ‘false’ branch (when ‘argc != 0’)... q_netem.c:418:25: note: in expansion of macro ‘NEXT_ARG’ | 418 | NEXT_ARG(); | | ^~~~~~~~ | ‘netem_parse_opt’: events 27-29 | | 419 | dist_data = calloc(sizeof(dist_data[0]), MAX_DIST); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (27) ...to here | | (28) this call could return NULL | 420 | dist_size = get_distribution(*argv, dist_data, MAX_DIST); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (29) calling ‘get_distribution’ from ‘netem_parse_opt’ | +--> ‘get_distribution’: events 30-31 | | 124 | static int get_distribution(const char *type, __s16 *data, int maxdata) | | ^~~~~~~~~~~~~~~~ | | | | | (30) entry to ‘get_distribution’ |...... | 135 | if (f == NULL) { | | ~ | | | | | (31) following ‘false’ branch (when ‘f’ is non-NULL)... | ‘get_distribution’: event 32 | |cc1: | (32): ...to here | ‘get_distribution’: events 33-35 | | 142 | while (getline(&line, &len, f) != -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~ | | | | | (33) following ‘true’ branch... |...... | 145 | if (*line == '\n' || *line == '#') | | ~~~~~~ | | || | | |(34) ...to here | | (35) following ‘false’ branch... | ‘get_distribution’: event 36 | |cc1: | (36): ...to here | ‘get_distribution’: events 37-41 | | 150 | if (endp == p) | | ^ | | | | | (37) following ‘false’ branch... |...... | 153 | if (n >= maxdata) { | | ~ | | | | | (38) ...to here | | (39) following ‘false’ branch (when ‘n < maxdata’)... |...... | 159 | data[n++] = x; | | ~~~~~~~~~~~~~ | | | | | | | (41) ‘data + (long unsigned int)n * 2’ could be NULL: unchecked value from (28) | | (40) ...to here | Fixes: c1b81cb5fe92 ("netem potential dist table overflow") Signed-off-by: Stephen Hemminger --- tc/q_netem.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tc/q_netem.c b/tc/q_netem.c index 26402e9ad93f..d1d79b0b4d35 100644 --- a/tc/q_netem.c +++ b/tc/q_netem.c @@ -417,6 +417,9 @@ random_loss_model: } else if (matches(*argv, "distribution") == 0) { NEXT_ARG(); dist_data = calloc(sizeof(dist_data[0]), MAX_DIST); + if (dist_data == NULL) + return -1; + dist_size = get_distribution(*argv, dist_data, MAX_DIST); if (dist_size <= 0) { free(dist_data); From patchwork Tue May 9 21:21:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236163 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0F4119E48 for ; Tue, 9 May 2023 21:23:13 +0000 (UTC) Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E417DDBE for ; Tue, 9 May 2023 14:22:59 -0700 (PDT) Received: by mail-pf1-x436.google.com with SMTP id d2e1a72fcca58-64388cf3263so4592830b3a.3 for ; Tue, 09 May 2023 14:22:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667299; x=1686259299; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qsmBcgUebKPUHByZozvyrT4LxVt6vU9NOhArab8Y1QA=; b=pZM9y/lsJJb3nQu23XNxLevM0P0o3WiSAvT/dnPBvy6xcn+RCoY6DBHa8/BAmsUAlK zmqkcZH9PEMZyRu3JSISmWqwIqhSd9JRr0muF4xiYZ47TveVUZ5VuT3OgdwKaKuR90F9 FPc1r+nyjt+o6Zuj7lxRKzWc/fWryZ4MpA+cDBAdLTrOZrW0WPJBVrovp0xMDayGr+QO AOfFW1HuH1n8nAksW0zzSbfXwFtZgiBHIUFO90ymxoIeJCuRbDrBjCK4CcsBy3cgMYv1 R9xE/1BACMC40yKKqcaZemzMgVNmph+HNRAeizn14t7EuPtBJomKPsvDiSA4EqPMXqk6 jGlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667299; x=1686259299; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qsmBcgUebKPUHByZozvyrT4LxVt6vU9NOhArab8Y1QA=; b=KfnOV7tNa5pGHnnOGbxK333OP5Y0nqrjALZZcPtou4coDHDzUlCt4V9T8tN+OdxljN drVPlfFiVH+qYdwPDMDrvGLW1z0IbxNqB3CulGj4OhPBbNO3AEXaPMbFlqLi5YdfGGug UGaITeQnaeUCE5R+edFZFUGmp5sEX+eTU6yGvaAwE2MzeNvbeDyZyM+MrfKRi7zLfjLM OfDee4LatfxZW93DNvWnuQKMOqtap1MOPUSTnPwkEq449bqUgZ2K3wCibAHe0C5jYUmq DmGgI0s4GETElGr/FWffsbwaDDQ9+fLz+c4xcVgxMtRp3F/CFnYnGIkjR63BxW/jRWRm UdBg== X-Gm-Message-State: AC+VfDz5k3v06wl0gBTxD9ejbP0p/iYZ0iqwAK3TukiQXF4tYPPYzVlt 3I7EppBjPLu+Y9akOT/M//GDUPxpOspZILsuNcBnCw== X-Google-Smtp-Source: ACHHUZ6yEFFwrwBYsM/R/DOaqeI0i/4UGnbaEQC5O9/84du6rKxPQxom51rXRc7WWaxm2yPaIzx5jQ== X-Received: by 2002:a05:6a00:ac2:b0:63d:2f13:200 with SMTP id c2-20020a056a000ac200b0063d2f130200mr22860369pfl.16.1683667298983; Tue, 09 May 2023 14:21:38 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:38 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 09/11] nstat: fix potential NULL deref Date: Tue, 9 May 2023 14:21:23 -0700 Message-Id: <20230509212125.15880-10-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com Reported as: CC nstat nstat.c: In function ‘load_ugly_table’: nstat.c:205:24: warning: dereference of NULL ‘p’ [CWE-476] [-Wanalyzer-null-dereference] 205 | while (*p) { | ^~ ‘main’: events 1-14 | | 575 | int main(int argc, char *argv[]) | | ^~~~ | | | | | (1) entry to ‘main’ |...... | 635 | if (scan_interval > 0) { | | ~ | | | | | (2) following ‘true’ branch... | 636 | if (time_constant == 0) | | ~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 640 | if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (4) when ‘socket’ succeeds | | (5) following ‘false’ branch (when ‘fd >= 0’)... |...... | 644 | if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~ | | | | | | (7) following ‘false’ branch... (6) ...to here |...... | 648 | if (listen(fd, 5) < 0) { | | ~~~~~~~~~~~~~~ | | || | | |(8) ...to here | | |(9) when ‘listen’ succeeds | | (10) following ‘false’ branch... |...... | 652 | if (daemon(0, 0)) { | | ~~~~~~~~~~~~~ | | || | | |(11) ...to here | | (12) following ‘false’ branch... |...... | 656 | signal(SIGPIPE, SIG_IGN); | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here | 657 | signal(SIGCHLD, sigchild); | 658 | server_loop(fd); | | ~~~~~~~~~~~~~~~ | | | | | (14) calling ‘server_loop’ from ‘main’ | +--> ‘server_loop’: events 15-16 | | 472 | static void server_loop(int fd) | | ^~~~~~~~~~~ | | | | | (15) entry to ‘server_loop’ |...... | 483 | load_netstat(); | | ~~~~~~~~~~~~~~ | | | | | (16) calling ‘load_netstat’ from ‘server_loop’ | +--> ‘load_netstat’: events 17-20 | | 302 | static void load_netstat(void) | | ^~~~~~~~~~~~ | | | | | (17) entry to ‘load_netstat’ |...... | 306 | if (fp) { | | ~ | | | | | (18) following ‘true’ branch (when ‘fp’ is non-NULL)... | 307 | load_ugly_table(fp); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (19) ...to here | | (20) calling ‘load_ugly_table’ from ‘load_netstat’ | +--> ‘load_ugly_table’: events 21-26 | | 178 | static void load_ugly_table(FILE *fp) | | ^~~~~~~~~~~~~~~ | | | | | (21) entry to ‘load_ugly_table’ | 179 | { | 180 | char *buf = NULL; | | ~~~ | | | | | (22) ‘buf’ is NULL |...... | 186 | while ((nread = getline(&buf, &buflen, fp)) != -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (23) following ‘true’ branch... |...... | 192 | p = strchr(buf, ':'); | | ~~~~~~~~~~~~~~~~ | | | | | (24) ...to here | | (25) when ‘strchr’ returns non-NULL | 193 | if (!p) { | | ~ | | | | | (26) following ‘false’ branch (when ‘p’ is non-NULL)... | ‘load_ugly_table’: event 27 | |cc1: | (27): ...to here | ‘load_ugly_table’: events 28-40 | | 205 | while (*p) { | | ^~ | | | | | (28) following ‘true’ branch... | | (40) dereference of NULL ‘p’ |...... | 208 | if ((next = strchr(p, ' ')) != NULL) | | ~ ~~~~~~~~~~~~~~ | | | | | | | (29) ...to here | | | (30) when ‘strchr’ returns NULL | | (31) following ‘false’ branch (when ‘next’ is NULL)... | 209 | *next++ = 0; | 210 | else if ((next = strchr(p, '\n')) != NULL) | | ~ ~~~~~~~~~~~~~~~ | | | | | | | (32) ...to here | | | (33) when ‘strchr’ returns NULL | | (34) following ‘false’ branch (when ‘next’ is NULL)... | 211 | *next++ = 0; | 212 | if (off < sizeof(idbuf)) { | | ~~~~~~~~~~~~~~~~~~~~ | | | | | | | (35) ...to here | | (36) following ‘false’ branch... |...... | 216 | n = malloc(sizeof(*n)); | | ~~~~~~~~~~~~~~~~~~ | | | | | (37) ...to here | 217 | if (!n) { | | ~ | | | | | (38) following ‘false’ branch (when ‘n’ is non-NULL)... |...... | 221 | n->id = strdup(idbuf); | | ~~~~~~~~~~~~~ | | | | | (39) ...to here | nstat.c:254:35: warning: dereference of NULL ‘n’ [CWE-476] [-Wanalyzer-null-dereference] 254 | n = n->next; | ~~^~~~~~~~~ ‘main’: events 1-14 | | 575 | int main(int argc, char *argv[]) | | ^~~~ | | | | | (1) entry to ‘main’ |...... | 635 | if (scan_interval > 0) { | | ~ | | | | | (2) following ‘true’ branch... | 636 | if (time_constant == 0) | | ~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 640 | if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (4) when ‘socket’ succeeds | | (5) following ‘false’ branch (when ‘fd >= 0’)... |...... | 644 | if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~ | | | | | | (7) following ‘false’ branch... (6) ...to here |...... | 648 | if (listen(fd, 5) < 0) { | | ~~~~~~~~~~~~~~ | | || | | |(8) ...to here | | |(9) when ‘listen’ succeeds | | (10) following ‘false’ branch... |...... | 652 | if (daemon(0, 0)) { | | ~~~~~~~~~~~~~ | | || | | |(11) ...to here | | (12) following ‘false’ branch... |...... | 656 | signal(SIGPIPE, SIG_IGN); | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here | 657 | signal(SIGCHLD, sigchild); | 658 | server_loop(fd); | | ~~~~~~~~~~~~~~~ | | | | | (14) calling ‘server_loop’ from ‘main’ | +--> ‘server_loop’: events 15-16 | | 472 | static void server_loop(int fd) | | ^~~~~~~~~~~ | | | | | (15) entry to ‘server_loop’ |...... | 483 | load_netstat(); | | ~~~~~~~~~~~~~~ | | | | | (16) calling ‘load_netstat’ from ‘server_loop’ | +--> ‘load_netstat’: events 17-20 | | 302 | static void load_netstat(void) | | ^~~~~~~~~~~~ | | | | | (17) entry to ‘load_netstat’ |...... | 306 | if (fp) { | | ~ | | | | | (18) following ‘true’ branch (when ‘fp’ is non-NULL)... | 307 | load_ugly_table(fp); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (19) ...to here | | (20) calling ‘load_ugly_table’ from ‘load_netstat’ | +--> ‘load_ugly_table’: events 21-25 | | 178 | static void load_ugly_table(FILE *fp) | | ^~~~~~~~~~~~~~~ | | | | | (21) entry to ‘load_ugly_table’ |...... | 186 | while ((nread = getline(&buf, &buflen, fp)) != -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (22) following ‘true’ branch... |...... | 192 | p = strchr(buf, ':'); | | ~~~~~~~~~~~~~~~~ | | | | | (23) ...to here | | (24) when ‘strchr’ returns non-NULL | 193 | if (!p) { | | ~ | | | | | (25) following ‘false’ branch (when ‘p’ is non-NULL)... | ‘load_ugly_table’: event 26 | |cc1: | (26): ...to here | ‘load_ugly_table’: events 27-28 | | 205 | while (*p) { | | ^ | | | | | (27) following ‘false’ branch... |...... | 228 | nread = getline(&buf, &buflen, fp); | | ~ | | | | | (28) inlined call to ‘getline’ from ‘load_ugly_table’ | +--> ‘getline’: event 29 | |/usr/include/bits/stdio.h:120:10: | 120 | return __getdelim (__lineptr, __n, '\n', __stream); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (29) ...to here | <------+ | ‘load_ugly_table’: events 30-36 | |nstat.c:229:20: | 229 | if (nread == -1) { | | ^ | | | | | (30) following ‘false’ branch... |...... | 234 | count2 = count_spaces(buf); | | ~~~~~~~~~~~~~~~~~ | | | | | (31) ...to here |...... | 239 | if (!p) { | | ~ | | | | | (32) following ‘false’ branch (when ‘p’ is non-NULL)... |...... | 244 | *p = 0; | | ~~~~~~ | | | | | (33) ...to here | 245 | if (sscanf(p+1, "%llu", &n->val) != 1) { | | ~ | | | | | (34) following ‘false’ branch... |...... | 251 | if (skip) | | ~ | | | | | (35) ...to here |...... | 254 | n = n->next; | | ~~~~~~~~~~~ | | | | | (36) dereference of NULL ‘n’ | Signed-off-by: Stephen Hemminger --- misc/nstat.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/misc/nstat.c b/misc/nstat.c index 0ab92ecbeb47..2c10feaa3adf 100644 --- a/misc/nstat.c +++ b/misc/nstat.c @@ -219,9 +219,15 @@ static void load_ugly_table(FILE *fp) exit(-1); } n->id = strdup(idbuf); + if (n->id == NULL) { + perror("nstat: strdup"); + exit(-1); + } n->rate = 0; n->next = db; db = n; + if (next == NULL) + break; p = next; } n = db; From patchwork Tue May 9 21:21:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236159 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAF5F174ED for ; Tue, 9 May 2023 21:23:06 +0000 (UTC) Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0FA0D87A for ; Tue, 9 May 2023 14:22:48 -0700 (PDT) Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-643ac91c51fso3664936b3a.1 for ; Tue, 09 May 2023 14:22:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667300; x=1686259300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=EjzNv3ZUHV49ZK4sGfHLdC7UCnLyqaopmqPP4Gwurls=; b=rx8gqB8x2CME/XQdZ9TQp1nX0ILhzLmPsr0vP0/CAmPNqZgfr3nkjZHPHxLhDVJmUi fTZOWY6QhIxBXK2hCGc7iBNJOCHYLQB22/W4BZvxbHxBvhYyD3l9hBa0ILxDXrXrTBsI kBoozlV2gVqNwLKfPB4hq5jnejlpwzFAilTQIkLLoSUSffO3VNDvssCEiQ40OKM6xDly ZNpnJJxcbAAJb6L7mlDv9gv8b6pWYQJ9wTCYZ9xalEPsoCuOfbdv4/lSdSMV7e201vFH TQGBUTWzx4URs61cQ0lNw9fvq3rK1LhNDq2/Ya11tNyYZuvz+lly4uRglaF0k6VDSUg8 ubwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667300; x=1686259300; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EjzNv3ZUHV49ZK4sGfHLdC7UCnLyqaopmqPP4Gwurls=; b=FJxcLhv6IJPCpspZ/BZWGZatmfSuqK0JywY6VcCg6jN8i5vVm1I2Ej1K4LLy7clFwP 6As/qSgC7Y651wH/8PX+EHLGcaZxxYYOcIyq/ZMwfSqnGJ0EDirMD9fVgS1PEObVhj6J SBVNgyrRnd7oLeNqIq8Fas2sLIIQQMnTc1gFT0px/K/atnySB5Lj61mFCJgog5Tbt3IL DbYDUc/ydX1HAGyXuhPSsvx4XFDSszb6ENB52sRL0hhRjK7steFcKEkIOu+oT0MfqLWi YwKyxgh+B8b6uxtpeb/SObG4Ij3sRH8ZX6npjQgAQHgE/J7G2X1OJPVkTqvO0C35/fnW GLyw== X-Gm-Message-State: AC+VfDy5GMf46LFSPXxocVz9Vyutui2ChcQrd0oE6rYruNm2AbVmzXZM 0EIkU8L8vniBM0Cixowne+JxaUHAKLP6fjtBwuIPdQ== X-Google-Smtp-Source: ACHHUZ5h5+9k6ZCequIIIL7lmhadb5U+d0nsJ5ZO0HtMVgMMJ7qyEMdivP3ehQX1lHxiHczNFtP47Q== X-Received: by 2002:a05:6a20:938e:b0:ea:fa7f:f879 with SMTP id x14-20020a056a20938e00b000eafa7ff879mr21857229pzh.42.1683667300395; Tue, 09 May 2023 14:21:40 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:39 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 10/11] rdma/utils: fix some analyzer warnings Date: Tue, 9 May 2023 14:21:24 -0700 Message-Id: <20230509212125.15880-11-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com Add error checks for cases where analyzer thinks it is possible to us a possibly NULL value. utils.c: In function ‘get_port_from_argv’: utils.c:76:17: warning: use of NULL where non-null expected [CWE-476] [-Wanalyzer-null-argument] 76 | slash = strchr(rd_argv(rd), '/'); | ^~~~~~~~~~~~~~~~~~~~~~~~ ‘get_port_from_argv’: events 1-2 | | 68 | static int get_port_from_argv(struct rd *rd, uint32_t *port, | | ^~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘get_port_from_argv’ |...... | 76 | slash = strchr(rd_argv(rd), '/'); | | ~ | | | | | (2) inlined call to ‘rd_argv’ from ‘get_port_from_argv’ | +--> ‘rd_argv’: event 3 | | 18 | if (!rd_argc(rd)) | | ^ | | | | | (3) following ‘true’ branch... | <------+ | ‘get_port_from_argv’: events 4-5 | | 76 | slash = strchr(rd_argv(rd), '/'); | | ^~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) argument 1 (‘’) NULL where non-null expected | In file included from rdma.h:10, from utils.c:7: /usr/include/string.h:246:14: note: argument 1 of ‘strchr’ must be non-null 246 | extern char *strchr (const char *__s, int __c) | ^~~~~~ Fixes: 40df8263a0f0 ("rdma: Add dev object") Signed-off-by: Stephen Hemminger --- rdma/utils.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/rdma/utils.c b/rdma/utils.c index 21177b565bf1..a33ff420f8cb 100644 --- a/rdma/utils.c +++ b/rdma/utils.c @@ -75,6 +75,13 @@ static int get_port_from_argv(struct rd *rd, uint32_t *port, slash = strchr(rd_argv(rd), '/'); /* if no port found, return 0 */ + if (slash == NULL) { + if (strict_port) + return -EINVAL; + else + return 0; + } + if (slash++) { if (*slash == '-') { if (strict_port) @@ -747,6 +754,9 @@ struct dev_map *dev_map_lookup(struct rd *rd, bool allow_port_index) return NULL; dev_name = strdup(rd_argv(rd)); + if (!dev_name) + return NULL; + if (allow_port_index) { slash = strrchr(dev_name, '/'); if (slash) From patchwork Tue May 9 21:21:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Stephen Hemminger X-Patchwork-Id: 13236161 X-Patchwork-Delegate: stephen@networkplumber.org Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA49218C06 for ; Tue, 9 May 2023 21:23:07 +0000 (UTC) Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2DE73DC6C for ; Tue, 9 May 2023 14:22:49 -0700 (PDT) Received: by mail-pf1-x42c.google.com with SMTP id d2e1a72fcca58-643a6f993a7so3584805b3a.1 for ; Tue, 09 May 2023 14:22:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20221208.gappssmtp.com; s=20221208; t=1683667301; x=1686259301; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=JAdljhZYUlbL6KX8+mnPa3LtJZLNNXTdCvCHKlgV7GM=; b=yGBx996Kt4B0ajVlYRA1uIA6ReX3c9Isi2zVC7PK8IxmN6pPL3AOIPvIBdOuuLCp2S Wtbtbkk4L9nsDaKk4BpfN9h2RadSt7r4KgLM6eAdPKhNyMT1OvReZlZsuinIXF9tLav6 QE7eLEFxsOHuvzpaCa01SmVk0ZwCMT5/9zh6ZG5nuMkudQmp/Y8NlmamAfr8yBccx4BH M8xHZtuSX3xO3ZoJqHNC4Nk0iIV/I7QZoMVgaifdD6ugBrQYhdRhWnj2q5sKYX9tGXL2 4lhyqZSTvFnwl1za/GW5dzzweKCcT3CPYOsMU8XlCWzzQh6CAxmBXQ2Dty14ka3SWwj/ 6SLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683667301; x=1686259301; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=JAdljhZYUlbL6KX8+mnPa3LtJZLNNXTdCvCHKlgV7GM=; b=ji48WQCyoUllVszxpkryh3Ezm7YGsmXfHMo8mlCG/HufqOP92FheyUAEeuOU/zanFX OpDp8Ki6Sj96R4sx3GWfZuznOmj4NvIst9sdtoiwWj8gG31XlSE0VeyqCRdnGrRxyayT KShIyJjMjcG8hrA04AdTUXcoy8fR9OJ8AwqNJtObZFkuo+yI3s0arGug9viiZVTLkTTL nqDsWMJ/1UCc+ykw2GcTHud7g03hrydiIkRMrpXG7hZGT0KyT6+A9P/1NEMoa7LAb95g gq/vckylJB2BeaTilOSlJb+nv7CW1KhQdre3dlt5vBv7Z2qKCcXuHYT9TH2wwjAzc7pn 1Q8g== X-Gm-Message-State: AC+VfDxMEjFIa/D1UVkFomev8Xh1ZYVntFY62CiGKgl1WFS4acjqcx42 poKMqQFm0+1tiJMSwaBRiKSbZkocaYF70hYaN4sIPQ== X-Google-Smtp-Source: ACHHUZ6CH3kTwq/CGTcdUnNftN0rtQoJOij+CkDXpTLSc9ylyftuZCsKbwlxlU2iOhjE+NNt53gQzw== X-Received: by 2002:a05:6a00:1492:b0:63b:6149:7ad6 with SMTP id v18-20020a056a00149200b0063b61497ad6mr20601249pfu.34.1683667301478; Tue, 09 May 2023 14:21:41 -0700 (PDT) Received: from hermes.local (204-195-120-218.wavecable.com. [204.195.120.218]) by smtp.gmail.com with ESMTPSA id d22-20020aa78e56000000b00646e7d2b5a7sm1932565pfr.112.2023.05.09.14.21.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 14:21:41 -0700 (PDT) From: Stephen Hemminger To: netdev@vger.kernel.org Cc: Stephen Hemminger Subject: [PATCH iproute2 11/11] tc/prio: handle possible truncated kernel response Date: Tue, 9 May 2023 14:21:25 -0700 Message-Id: <20230509212125.15880-12-stephen@networkplumber.org> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230509212125.15880-1-stephen@networkplumber.org> References: <20230509212125.15880-1-stephen@networkplumber.org> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: dsahern@gmail.com Reported by -fanalyzer. If kernel did not send full qdisc info, then uninitialized or null data could be referenced. q_prio.c: In function ‘prio_print_opt’: q_prio.c:105:57: warning: dereference of NULL ‘0’ [CWE-476] [-Wanalyzer-null-dereference] 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands); | ~~~~^~~~~~~ ‘prio_print_opt’: event 1 | | 98 | if (opt == NULL) | | ^ | | | | | (1) following ‘false’ branch (when ‘opt’ is non-NULL)... | ‘prio_print_opt’: event 2 | |../include/uapi/linux/rtnetlink.h:228:38: | 228 | #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0)) | | ~~~~~~^~~~~~~~~~ | | | | | (2) ...to here ../include/libnetlink.h:236:19: note: in expansion of macro ‘RTA_PAYLOAD’ | 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \ | | ^~~~~~~~~~~ q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’ | 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | ‘prio_print_opt’: event 3 | |../include/libnetlink.h:236:59: | 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \ q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’ | 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | ‘prio_print_opt’: events 4-5 | | 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands); | | ~~~~^~~~~~~ | | | | | (4) ...to here | | (5) dereference of NULL ‘’ | Signed-off-by: Stephen Hemminger --- tc/q_prio.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tc/q_prio.c b/tc/q_prio.c index c8c6477e1a98..a3781ffe8b2c 100644 --- a/tc/q_prio.c +++ b/tc/q_prio.c @@ -101,6 +101,8 @@ int prio_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt) if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt, sizeof(*qopt))) return -1; + if (qopt == NULL) + return -1; /* missing data from kernel */ print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands); open_json_array(PRINT_ANY, "priomap");