From 879ace3d3b238ec8db80f52ebfd556aa6f12b4c7 Mon Sep 17 00:00:00 2001
From: Chris Luke <chrisy@flirble.org>
Date: Tue, 26 Sep 2017 13:15:16 -0400
Subject: Various fixes for issues found by Coverity (VPP-972)

174267: Revisit this string termination issue
174816: Add check for NULL when trace is enabled
177211: Add notation that mutex is not required here
177117: Added check for log2_page_size == 0 and returns an error if so
163697,163698: Added missing sw_if_index validation

Change-Id: I5a76fcf6505c785bfb3269e353360031c6a0fd0f
Signed-off-by: Chris Luke <chrisy@flirble.org>
---
 src/uri/sock_test_server.c |  8 ++++++--
 src/vnet/srv6/sr_api.c     | 10 ++++++++++
 src/vnet/tcp/tcp_input.c   |  3 ++-
 src/vpp-api/vapi/vapi.c    |  1 +
 src/vppinfra/linux/mem.c   |  6 ++++++
 5 files changed, 25 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/uri/sock_test_server.c b/src/uri/sock_test_server.c
index 29adea25..35046aa0 100644
--- a/src/uri/sock_test_server.c
+++ b/src/uri/sock_test_server.c
@@ -514,7 +514,7 @@ main (int argc, char **argv)
 		      continue;
 		    }
 
-		  else if (((char *) conn->buf)[0] != 0)
+		  else if (isascii (conn->buf[0]))
 		    {
 		      // If it looks vaguely like a string, make sure it's terminated
 		      ((char *) conn->buf)[rx_bytes <
@@ -536,8 +536,12 @@ main (int argc, char **argv)
 		    continue;
 		}
 
-	      if (isascii (conn->buf[0]) && strlen ((const char *) conn->buf))
+	      if (isascii (conn->buf[0]))
 		{
+		  // If it looks vaguely like a string, make sure it's terminated
+		  ((char *) conn->buf)[rx_bytes <
+				       conn->buf_size ? rx_bytes :
+				       conn->buf_size - 1] = 0;
 		  if (xtra)
 		    fprintf (stderr,
 			     "ERROR: FIFO not drained in previous test!\n"
diff --git a/src/vnet/srv6/sr_api.c b/src/vnet/srv6/sr_api.c
index 925b50a1..623f672a 100644
--- a/src/vnet/srv6/sr_api.c
+++ b/src/vnet/srv6/sr_api.c
@@ -60,6 +60,9 @@ static void vl_api_sr_localsid_add_del_t_handler
  *  char end_psp, u8 behavior, u32 sw_if_index, u32 vlan_index, u32 fib_table,
  *  ip46_address_t *nh_addr, void *ls_plugin_mem)
  */
+
+  VALIDATE_SW_IF_INDEX (mp);
+
   rv = sr_cli_localsid (mp->is_del,
 			(ip6_address_t *) & mp->localsid_addr,
 			mp->end_psp,
@@ -69,6 +72,8 @@ static void vl_api_sr_localsid_add_del_t_handler
 			ntohl (mp->fib_table),
 			(ip46_address_t *) & mp->nh_addr, NULL);
 
+  BAD_SW_IF_INDEX_LABEL;
+
   REPLY_MACRO (VL_API_SR_LOCALSID_ADD_DEL_REPLY);
 }
 
@@ -158,6 +163,9 @@ static void vl_api_sr_steering_add_del_t_handler
  *  u32 table_id, ip46_address_t *prefix, u32 mask_width, u32 sw_if_index,
  *  u8 traffic_type)
  */
+
+  VALIDATE_SW_IF_INDEX (mp);
+
   rv = sr_steering_policy (mp->is_del,
 			   (ip6_address_t *) & mp->bsid_addr,
 			   ntohl (mp->sr_policy_index),
@@ -166,6 +174,8 @@ static void vl_api_sr_steering_add_del_t_handler
 			   ntohl (mp->mask_width),
 			   ntohl (mp->sw_if_index), mp->traffic_type);
 
+  BAD_SW_IF_INDEX_LABEL;
+
   REPLY_MACRO (VL_API_SR_STEERING_ADD_DEL_REPLY);
 }
 
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index 62dcdc5e..63d6fd87 100644
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -2163,7 +2163,8 @@ tcp46_syn_sent_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	drop:
 
 	  b0->error = error0 ? node->errors[error0] : 0;
-	  if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
+	  if (PREDICT_FALSE
+	      ((b0->flags & VLIB_BUFFER_IS_TRACED) && tcp0 != 0))
 	    {
 	      t0 = vlib_add_trace (vm, node, b0, sizeof (*t0));
 	      clib_memcpy (&t0->tcp_header, tcp0, sizeof (t0->tcp_header));
diff --git a/src/vpp-api/vapi/vapi.c b/src/vpp-api/vapi/vapi.c
index 59415e03..3150d2b4 100644
--- a/src/vpp-api/vapi/vapi.c
+++ b/src/vpp-api/vapi/vapi.c
@@ -305,6 +305,7 @@ vapi_connect (vapi_ctx_t ctx, const char *name,
     }
   ctx->requests = tmp;
   memset (ctx->requests, 0, size);
+  /* coverity[MISSING_LOCK] - 177211 requests_mutex is not needed here */
   ctx->requests_start = ctx->requests_count = 0;
   if (chroot_prefix)
     {
diff --git a/src/vppinfra/linux/mem.c b/src/vppinfra/linux/mem.c
index df46763a..2d8f593d 100644
--- a/src/vppinfra/linux/mem.c
+++ b/src/vppinfra/linux/mem.c
@@ -132,6 +132,12 @@ clib_mem_vm_ext_alloc (clib_mem_vm_alloc_t * a)
 	    }
 	}
       log2_page_size = clib_mem_vm_get_log2_page_size (fd);
+
+      if (log2_page_size == 0)
+	{
+	  err = clib_error_return_unix (0, "cannot determine page size");
+	  goto error;
+	}
     }
   else				/* not CLIB_MEM_VM_F_SHARED */
     {
-- 
cgit 1.2.3-korg