diff options
author | Chris Luke <chrisy@flirble.org> | 2016-07-07 11:01:17 -0400 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2016-07-08 09:41:03 +0000 |
commit | 370e9e38e8e0b35810734125e2b6eeac65fefa5d (patch) | |
tree | d60f56163bd9fa8397a20b18a801f6ec1d92e17e | |
parent | ce3e971bab3a67b5d484294f5cfd3d270c76bc38 (diff) |
VPP-189 Some bugfixes for issues reported by Coverity
CID 130914 Buffer not null terminated
CID 130916 Unchecked return value
CID 130938 Unchecked return value from library
CID 130939 Unchecked return value from library
CID 130940 Unchecked return value from library
CID 131042 Argument cannot be negative
CID 131222 Resource leak
CID 131223 Resource leak
CID 131334 Double close
CID 131335 Read from pointer after free
CID 131211 Resource leak
CID 131212 Resource leak
Change-Id: Idd80b91f621278e0be15911f2ed4354dbe4fc7f2
Signed-off-by: Chris Luke <chrisy@flirble.org>
-rw-r--r-- | svm/svm.c | 45 | ||||
-rw-r--r-- | vlib/vlib/pci/linux_pci.c | 35 |
2 files changed, 66 insertions, 14 deletions
@@ -225,14 +225,22 @@ static int svm_data_region_create (svm_map_region_args_t *a, if (fstat(fd, &statb) < 0) { clib_unix_warning("fstat"); + close (fd); return -2; } if (statb.st_mode & S_IFREG) { if (statb.st_size == 0) { - lseek(fd, map_size, SEEK_SET); - if (write(fd, &junk, 1) != 1) + if (lseek(fd, map_size, SEEK_SET) == (off_t) -1) { + clib_unix_warning ("seek region size"); + close (fd); + return -3; + } + if (write(fd, &junk, 1) != 1) { clib_unix_warning ("set region size"); + close (fd); + return -3; + } } else { map_size = rnd_pagesize (statb.st_size); } @@ -246,6 +254,7 @@ static int svm_data_region_create (svm_map_region_args_t *a, if (mmap (rp->data_base, map_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) { clib_unix_warning("mmap"); + close (fd); return -3; } close(fd); @@ -283,14 +292,22 @@ static int svm_data_region_map (svm_map_region_args_t *a, if (fstat(fd, &statb) < 0) { clib_unix_warning("fstat"); + close (fd); return -2; } if (statb.st_mode & S_IFREG) { if (statb.st_size == 0) { - lseek(fd, map_size, SEEK_SET); - if (write(fd, &junk, 1) != 1) + if (lseek(fd, map_size, SEEK_SET) == (off_t) -1) { + clib_unix_warning ("seek region size"); + close (fd); + return -3; + } + if (write(fd, &junk, 1) != 1) { clib_unix_warning ("set region size"); + close (fd); + return -3; + } } else { map_size = rnd_pagesize (statb.st_size); } @@ -304,6 +321,7 @@ static int svm_data_region_map (svm_map_region_args_t *a, if (mmap (rp->data_base, map_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) { clib_unix_warning("mmap"); + close (fd); return -3; } close(fd); @@ -399,15 +417,23 @@ void *svm_map_region (svm_map_region_args_t *a) vec_free(shm_name); - lseek(svm_fd, a->size, SEEK_SET); - if (write(svm_fd, &junk, 1) != 1) + if (lseek(svm_fd, a->size, SEEK_SET) == (off_t) -1) { + clib_warning ("seek region size"); + close (svm_fd); + return (0); + } + if (write(svm_fd, &junk, 1) != 1) { clib_warning ("set region size"); + close (svm_fd); + return (0); + } rp = mmap((void *)a->baseva, a->size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, svm_fd, 0); if (rp == (svm_region_t *) MAP_FAILED) { clib_unix_warning ("mmap create"); + close (svm_fd); return (0); } close(svm_fd); @@ -509,6 +535,7 @@ void *svm_map_region (svm_map_region_args_t *a) while (1) { if (0 != fstat(svm_fd, &stat)) { clib_warning("fstat failed: %d", errno); + close (svm_fd); return (0); } if (stat.st_size > 0) { @@ -516,6 +543,7 @@ void *svm_map_region (svm_map_region_args_t *a) } if (0 == time_left) { clib_warning("waiting for resize of shm file timed out"); + close (svm_fd); return (0); } ts.tv_sec = 0; @@ -545,10 +573,10 @@ void *svm_map_region (svm_map_region_args_t *a) * <bleep>-ed? */ if (rp->version == 0) { - close(svm_fd); - munmap(rp, a->size); clib_warning("rp->version %d not %d", rp->version, SVM_VERSION); + close(svm_fd); + munmap(rp, a->size); return (0); } /* Remap now that the region has been placed */ @@ -561,6 +589,7 @@ void *svm_map_region (svm_map_region_args_t *a) MAP_SHARED | MAP_FIXED, svm_fd, 0); if ((uword)rp == (uword)MAP_FAILED) { clib_unix_warning ("mmap"); + close (svm_fd); return (0); } diff --git a/vlib/vlib/pci/linux_pci.c b/vlib/vlib/pci/linux_pci.c index 757f2aa5..6cc70e6d 100644 --- a/vlib/vlib/pci/linux_pci.c +++ b/vlib/vlib/pci/linux_pci.c @@ -123,6 +123,11 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name) } fd = socket(PF_INET, SOCK_DGRAM, 0); + if (fd < 0) + { + error = clib_error_return_unix (0, "socket"); + goto done; + } while((e = readdir (dir))) { @@ -135,17 +140,32 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name) memset(&ifr, 0, sizeof ifr); memset(&drvinfo, 0, sizeof drvinfo); ifr.ifr_data = (char *) &drvinfo; - strncpy(ifr.ifr_name, e->d_name, IFNAMSIZ); + strncpy(ifr.ifr_name, e->d_name, IFNAMSIZ - 1); drvinfo.cmd = ETHTOOL_GDRVINFO; - ioctl (fd, SIOCETHTOOL, &ifr); + if (ioctl (fd, SIOCETHTOOL, &ifr) < 0) + { + if (errno == ENOTSUP) + /* Some interfaces (eg "lo") don't support this ioctl */ + continue; + + error = clib_error_return_unix (0, "ioctl fetch intf %s bus info", + e->d_name); + close (fd); + goto done; + } if (strcmp ((char *) s, drvinfo.bus_info)) continue; memset (&ifr, 0, sizeof(ifr)); - strncpy (ifr.ifr_name, e->d_name, IFNAMSIZ); - ioctl (fd, SIOCGIFFLAGS, &ifr); - close (fd); + strncpy (ifr.ifr_name, e->d_name, IFNAMSIZ - 1); + if (ioctl (fd, SIOCGIFFLAGS, &ifr) < 0) + { + error = clib_error_return_unix (0, "ioctl fetch intf %s flags", + e->d_name); + close (fd); + goto done; + } if (ifr.ifr_flags & IFF_UP) { @@ -153,6 +173,7 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name) "interface %s is up", format_vlib_pci_addr, &d->bus_address, e->d_name); + close (fd); goto done; } } @@ -352,7 +373,7 @@ os_map_pci_resource_internal (uword os_handle, done: if (error) { - if (fd > 0) + if (fd >= 0) close (fd); } vec_free (file_name); @@ -478,6 +499,7 @@ scan_device (void * arg, u8 * dev_dir_name, u8 * ignored) { pool_put (pm->pci_devs, dev); error = clib_error_return_unix (0, "read `%s'", f); + close (fd); goto done; } @@ -490,6 +512,7 @@ scan_device (void * arg, u8 * dev_dir_name, u8 * ignored) { pool_put (pm->pci_devs, dev); error = clib_error_return (0, "invalid PCI config for `%s'", f); + close (fd); goto done; } } |