[lxc-devel] [lxc/master] coverity fixes
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3568 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner From ec0befee9475aa7d6913ee0da24761d66b111797 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Wed, 28 Oct 2020 03:58:54 +0100 Subject: [PATCH 1/4] commands: don't deref after NULL check Fixes: Coverity 1465657 Signed-off-by: Christian Brauner --- src/lxc/commands.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/lxc/commands.c b/src/lxc/commands.c index de09c3aff0..cca09a1261 100644 --- a/src/lxc/commands.c +++ b/src/lxc/commands.c @@ -487,9 +487,12 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req, }; int ret; - if (!handler->conf || handler->conf->devpts_fd < 0) + if (!handler->conf || handler->conf->devpts_fd < 0) { rsp.ret = -EBADF; - ret = lxc_abstract_unix_send_fds(fd, >conf->devpts_fd, 1, , sizeof(rsp)); + ret = lxc_abstract_unix_send_fds(fd, NULL, 0, , sizeof(rsp)); + } else { + ret = lxc_abstract_unix_send_fds(fd, >conf->devpts_fd, 1, , sizeof(rsp)); + } if (ret < 0) return log_error(LXC_CMD_REAP_CLIENT_FD, "Failed to send devpts fd"); From 3715d0c03fae815963cbcef66524a2deffda39e0 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Wed, 28 Oct 2020 04:01:19 +0100 Subject: [PATCH 2/4] utils: don't deref after NULL check Fixes: Coverity 1465855 Signed-off-by: Christian Brauner --- src/lxc/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/utils.c b/src/lxc/utils.c index c02eef1526..561f7685cc 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -1113,7 +1113,7 @@ int safe_mount_beneath(const char *beneath, const char *src, const char *dst, co __do_close int beneath_fd = -EBADF; const char *path = beneath ? beneath : "/"; - beneath_fd = openat(-1, beneath, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH); + beneath_fd = openat(-1, path, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH); if (beneath_fd < 0) return log_error_errno(-errno, errno, "Failed to open %s", path); From 8ddf34f7a037325565b8cf8ff995cbf573f9932e Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Wed, 28 Oct 2020 04:03:31 +0100 Subject: [PATCH 3/4] conf: check snprint return value Fixes: Coverity 1465854 Signed-off-by: Christian Brauner --- src/lxc/conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 259d3766ab..c258d0b4c5 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1207,7 +1207,9 @@ static int lxc_fill_autodev(const struct lxc_rootfs *rootfs) if (ret < 0) { const char *mntpt = rootfs->path ? rootfs->mount : NULL; if (errno == ENOSYS) { - snprintf(path, sizeof(path), "%s/dev/%s", mntpt, device->name); + ret = snprintf(path, sizeof(path), "%s/dev/%s", mntpt, device->name); + if (ret < 0 || ret >= sizeof(path)) + return log_error(-1, "Failed to create device path for %s", device->name); ret = safe_mount(hostpath, path, 0, MS_BIND, NULL, rootfs->path ? rootfs->mount : NULL); } } From 0dde733e5a049e695885d733eb98795b0eddbd74 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Wed, 28 Oct 2020 04:04:42 +0100 Subject: [PATCH 4/4] utils: check snprintf return value Fixes: Coverity 1465853 Signed-off-by: Christian Brauner --- src/lxc/utils.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lxc/utils.c b/src/lxc/utils.c index 561f7685cc..baf80b7f5c 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -1097,7 +1097,9 @@ int __safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, co target_fd = openat2(beneath_fd, dst, , sizeof(how)); if (target_fd < 0) return -errno; - snprintf(tgt_buf, sizeof(tgt_buf), "/proc/self/fd/%d", target_fd); + ret = snprintf(tgt_buf, sizeof(tgt_buf), "/proc/self/fd/%d", target_fd); + if (ret < 0 || ret >= sizeof(tgt_buf)) + return -EIO; if (!is_empty_string(src_buf)) ret = mount(src_buf, tgt_buf, fstype, flags, data); ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] Coverity fixes for veth vlan
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3442 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 4e61b19d62ea7e9d4d2c11b863701b75e24c6ad9 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 9 Jun 2020 12:01:41 +0100 Subject: [PATCH 1/3] confile: Fix coverity issue, missing return in get_config_net_veth_vlan_tagged_id Signed-off-by: Thomas Parrott --- src/lxc/confile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 3ee2e8847a..68403e65e0 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -5906,7 +5906,7 @@ static int get_config_net_veth_vlan_tagged_id(const char *key, char *retv, int i struct lxc_netdev *netdev = data; if (!netdev) - ret_errno(EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_VETH) return 0; From 785e15403e7a004a285686342e6d4b973e278803 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 9 Jun 2020 12:03:06 +0100 Subject: [PATCH 2/3] network: Fix coverity issue, leaking data in lxc_ovs_setup_bridge_vlan_exec Signed-off-by: Thomas Parrott --- src/lxc/network.c | 15 +-- 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/lxc/network.c b/src/lxc/network.c index 2ff053ecae..9691ec94a0 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -433,11 +433,14 @@ struct ovs_veth_vlan_args { static int lxc_ovs_setup_bridge_vlan_exec(void *data) { struct ovs_veth_vlan_args *args = data; - const char *vlan_mode = "", *tag = "", *trunks = ""; + __do_free char *vlan_mode = NULL, *tag = NULL, *trunks = NULL; + + if (!args->vlan_mode) + return ret_errno(EINVAL); vlan_mode = must_concat(NULL, "vlan_mode=", args->vlan_mode, (char *)NULL); - if (args->vlan_id >= 0) { + if (args->vlan_id > BRIDGE_VLAN_NONE) { char buf[5]; int rc; @@ -449,15 +452,15 @@ static int lxc_ovs_setup_bridge_vlan_exec(void *data) } - if (strcmp(args->trunks, "") != 0) + if (args->trunks) trunks = must_concat(NULL, "trunks=", args->trunks, (char *)NULL); /* Detect the combination of vlan_id and trunks specified and convert to ovs-vsctl command. */ - if (strcmp(tag, "") != 0 && strcmp(trunks, "") != 0) + if (tag && trunks) execlp("ovs-vsctl", "ovs-vsctl", "set", "port", args->nic, vlan_mode, tag, trunks, (char *)NULL); - else if (strcmp(tag, "") != 0) + else if (tag) execlp("ovs-vsctl", "ovs-vsctl", "set", "port", args->nic, vlan_mode, tag, (char *)NULL); - else if (strcmp(trunks, "") != 0) + else if (trunks) execlp("ovs-vsctl", "ovs-vsctl", "set", "port", args->nic, vlan_mode, trunks, (char *)NULL); else return -EINVAL; From 1ee07848e7cbfb9b0673167e8f40f20082e398b1 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 9 Jun 2020 12:03:40 +0100 Subject: [PATCH 3/3] network: Fix coverity issue, dont initialise string pointers in setup_veth_ovs_bridge_vlan This is needed by lxc_ovs_setup_bridge_vlan_exec. Signed-off-by: Thomas Parrott --- src/lxc/network.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/lxc/network.c b/src/lxc/network.c index 9691ec94a0..84bfb6b390 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -473,9 +473,9 @@ static int setup_veth_ovs_bridge_vlan(char *veth1, struct lxc_netdev *netdev) int taggedLength = lxc_list_len(>priv.veth_attr.vlan_tagged_ids); struct ovs_veth_vlan_args args; args.nic = veth1; - args.vlan_mode = ""; - args.vlan_id = -1; - args.trunks = ""; + args.vlan_mode = NULL; + args.vlan_id = BRIDGE_VLAN_NONE; + args.trunks = NULL; /* Skip setup if no VLAN options are specified. */ if (!netdev->priv.veth_attr.vlan_id_set && taggedLength <= 0) @@ -515,11 +515,14 @@ static int setup_veth_ovs_bridge_vlan(char *veth1, struct lxc_netdev *netdev) if (rc < 0 || (size_t)rc >= sizeof(buf)) return log_error_errno(-1, EINVAL, "Failed to parse tagged vlan \"%u\" for interface \"%s\"", vlan_id, veth1); - args.trunks = must_concat(NULL, args.trunks, buf, ",", (char *)NULL); + if (args.trunks) + args.trunks = must_concat(NULL, args.trunks, buf, ",", (char *)NULL); + else + args.trunks = must_concat(NULL, buf, ",", (char *)NULL); } } - if (strcmp(args.vlan_mode, "") != 0) { + if (args.vlan_mode)