aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Luke <chrisy@flirble.org>2016-07-07 11:01:17 -0400
committerDamjan Marion <dmarion.lists@gmail.com>2016-07-08 09:41:03 +0000
commit370e9e38e8e0b35810734125e2b6eeac65fefa5d (patch)
treed60f56163bd9fa8397a20b18a801f6ec1d92e17e
parentce3e971bab3a67b5d484294f5cfd3d270c76bc38 (diff)
VPP-189 Some bugfixes for issues reported by Coverity
CID 130914 Buffer not null terminated CID 130916 Unchecked return value CID 130938 Unchecked return value from library CID 130939 Unchecked return value from library CID 130940 Unchecked return value from library CID 131042 Argument cannot be negative CID 131222 Resource leak CID 131223 Resource leak CID 131334 Double close CID 131335 Read from pointer after free CID 131211 Resource leak CID 131212 Resource leak Change-Id: Idd80b91f621278e0be15911f2ed4354dbe4fc7f2 Signed-off-by: Chris Luke <chrisy@flirble.org>
-rw-r--r--svm/svm.c45
-rw-r--r--vlib/vlib/pci/linux_pci.c35
2 files changed, 66 insertions, 14 deletions
diff --git a/svm/svm.c b/svm/svm.c
index b50aa820..e62f3f83 100644
--- a/svm/svm.c
+++ b/svm/svm.c
@@ -225,14 +225,22 @@ static int svm_data_region_create (svm_map_region_args_t *a,
if (fstat(fd, &statb) < 0) {
clib_unix_warning("fstat");
+ close (fd);
return -2;
}
if (statb.st_mode & S_IFREG) {
if (statb.st_size == 0) {
- lseek(fd, map_size, SEEK_SET);
- if (write(fd, &junk, 1) != 1)
+ if (lseek(fd, map_size, SEEK_SET) == (off_t) -1) {
+ clib_unix_warning ("seek region size");
+ close (fd);
+ return -3;
+ }
+ if (write(fd, &junk, 1) != 1) {
clib_unix_warning ("set region size");
+ close (fd);
+ return -3;
+ }
} else {
map_size = rnd_pagesize (statb.st_size);
}
@@ -246,6 +254,7 @@ static int svm_data_region_create (svm_map_region_args_t *a,
if (mmap (rp->data_base, map_size, PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) {
clib_unix_warning("mmap");
+ close (fd);
return -3;
}
close(fd);
@@ -283,14 +292,22 @@ static int svm_data_region_map (svm_map_region_args_t *a,
if (fstat(fd, &statb) < 0) {
clib_unix_warning("fstat");
+ close (fd);
return -2;
}
if (statb.st_mode & S_IFREG) {
if (statb.st_size == 0) {
- lseek(fd, map_size, SEEK_SET);
- if (write(fd, &junk, 1) != 1)
+ if (lseek(fd, map_size, SEEK_SET) == (off_t) -1) {
+ clib_unix_warning ("seek region size");
+ close (fd);
+ return -3;
+ }
+ if (write(fd, &junk, 1) != 1) {
clib_unix_warning ("set region size");
+ close (fd);
+ return -3;
+ }
} else {
map_size = rnd_pagesize (statb.st_size);
}
@@ -304,6 +321,7 @@ static int svm_data_region_map (svm_map_region_args_t *a,
if (mmap (rp->data_base, map_size, PROT_READ | PROT_WRITE,
MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) {
clib_unix_warning("mmap");
+ close (fd);
return -3;
}
close(fd);
@@ -399,15 +417,23 @@ void *svm_map_region (svm_map_region_args_t *a)
vec_free(shm_name);
- lseek(svm_fd, a->size, SEEK_SET);
- if (write(svm_fd, &junk, 1) != 1)
+ if (lseek(svm_fd, a->size, SEEK_SET) == (off_t) -1) {
+ clib_warning ("seek region size");
+ close (svm_fd);
+ return (0);
+ }
+ if (write(svm_fd, &junk, 1) != 1) {
clib_warning ("set region size");
+ close (svm_fd);
+ return (0);
+ }
rp = mmap((void *)a->baseva, a->size,
PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, svm_fd, 0);
if (rp == (svm_region_t *) MAP_FAILED) {
clib_unix_warning ("mmap create");
+ close (svm_fd);
return (0);
}
close(svm_fd);
@@ -509,6 +535,7 @@ void *svm_map_region (svm_map_region_args_t *a)
while (1) {
if (0 != fstat(svm_fd, &stat)) {
clib_warning("fstat failed: %d", errno);
+ close (svm_fd);
return (0);
}
if (stat.st_size > 0) {
@@ -516,6 +543,7 @@ void *svm_map_region (svm_map_region_args_t *a)
}
if (0 == time_left) {
clib_warning("waiting for resize of shm file timed out");
+ close (svm_fd);
return (0);
}
ts.tv_sec = 0;
@@ -545,10 +573,10 @@ void *svm_map_region (svm_map_region_args_t *a)
* <bleep>-ed?
*/
if (rp->version == 0) {
- close(svm_fd);
- munmap(rp, a->size);
clib_warning("rp->version %d not %d", rp->version,
SVM_VERSION);
+ close(svm_fd);
+ munmap(rp, a->size);
return (0);
}
/* Remap now that the region has been placed */
@@ -561,6 +589,7 @@ void *svm_map_region (svm_map_region_args_t *a)
MAP_SHARED | MAP_FIXED, svm_fd, 0);
if ((uword)rp == (uword)MAP_FAILED) {
clib_unix_warning ("mmap");
+ close (svm_fd);
return (0);
}
diff --git a/vlib/vlib/pci/linux_pci.c b/vlib/vlib/pci/linux_pci.c
index 757f2aa5..6cc70e6d 100644
--- a/vlib/vlib/pci/linux_pci.c
+++ b/vlib/vlib/pci/linux_pci.c
@@ -123,6 +123,11 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
}
fd = socket(PF_INET, SOCK_DGRAM, 0);
+ if (fd < 0)
+ {
+ error = clib_error_return_unix (0, "socket");
+ goto done;
+ }
while((e = readdir (dir)))
{
@@ -135,17 +140,32 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
memset(&ifr, 0, sizeof ifr);
memset(&drvinfo, 0, sizeof drvinfo);
ifr.ifr_data = (char *) &drvinfo;
- strncpy(ifr.ifr_name, e->d_name, IFNAMSIZ);
+ strncpy(ifr.ifr_name, e->d_name, IFNAMSIZ - 1);
drvinfo.cmd = ETHTOOL_GDRVINFO;
- ioctl (fd, SIOCETHTOOL, &ifr);
+ if (ioctl (fd, SIOCETHTOOL, &ifr) < 0)
+ {
+ if (errno == ENOTSUP)
+ /* Some interfaces (eg "lo") don't support this ioctl */
+ continue;
+
+ error = clib_error_return_unix (0, "ioctl fetch intf %s bus info",
+ e->d_name);
+ close (fd);
+ goto done;
+ }
if (strcmp ((char *) s, drvinfo.bus_info))
continue;
memset (&ifr, 0, sizeof(ifr));
- strncpy (ifr.ifr_name, e->d_name, IFNAMSIZ);
- ioctl (fd, SIOCGIFFLAGS, &ifr);
- close (fd);
+ strncpy (ifr.ifr_name, e->d_name, IFNAMSIZ - 1);
+ if (ioctl (fd, SIOCGIFFLAGS, &ifr) < 0)
+ {
+ error = clib_error_return_unix (0, "ioctl fetch intf %s flags",
+ e->d_name);
+ close (fd);
+ goto done;
+ }
if (ifr.ifr_flags & IFF_UP)
{
@@ -153,6 +173,7 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
"interface %s is up",
format_vlib_pci_addr, &d->bus_address,
e->d_name);
+ close (fd);
goto done;
}
}
@@ -352,7 +373,7 @@ os_map_pci_resource_internal (uword os_handle,
done:
if (error)
{
- if (fd > 0)
+ if (fd >= 0)
close (fd);
}
vec_free (file_name);
@@ -478,6 +499,7 @@ scan_device (void * arg, u8 * dev_dir_name, u8 * ignored)
{
pool_put (pm->pci_devs, dev);
error = clib_error_return_unix (0, "read `%s'", f);
+ close (fd);
goto done;
}
@@ -490,6 +512,7 @@ scan_device (void * arg, u8 * dev_dir_name, u8 * ignored)
{
pool_put (pm->pci_devs, dev);
error = clib_error_return (0, "invalid PCI config for `%s'", f);
+ close (fd);
goto done;
}
}