iproute/backport-tc-prio-handle-possible-truncated-kernel-response.patch
gaoxingwang 552d5e248f backport patches to fix bugs
(cherry picked from commit 2e9232daaeeab8917abc9a7830b7a9195d7a1da0)
2023-08-17 17:20:22 +08:00

From c90d25e96b010c5837b5db9eaa57f5063f0c2aeb Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 8 May 2023 20:17:50 -0700
Subject: [PATCH] tc/prio: handle possible truncated kernel response
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported by -fanalyzer. If kernel did not send full qdisc
info, then uninitialized or null data could be referenced.
q_prio.c: In function prio_print_opt:
q_prio.c:105:57: warning: dereference of NULL 0 [CWE-476] [-Wanalyzer-null-dereference]
105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
| ~~~~^~~~~~~
prio_print_opt: event 1
|
| 98 | if (opt == NULL)
| | ^
| | |
| | (1) following false branch (when opt is non-NULL)...
|
prio_print_opt: event 2
|
|../include/uapi/linux/rtnetlink.h:228:38:
| 228 | #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
| | ~~~~~~^~~~~~~~~~
| | |
| | (2) ...to here
../include/libnetlink.h:236:19: note: in expansion of macro RTA_PAYLOAD
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
| | ^~~~~~~~~~~
q_prio.c:101:13: note: in expansion of macro parse_rtattr_nested_compat
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
prio_print_opt: event 3
|
|../include/libnetlink.h:236:59:
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
q_prio.c:101:13: note: in expansion of macro parse_rtattr_nested_compat
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
prio_print_opt: events 4-5
|
| 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
| | ~~~~^~~~~~~
| | |
| | (4) ...to here
| | (5) dereference of NULL <unknown>
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
tc/q_prio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tc/q_prio.c b/tc/q_prio.c
index c8c6477e..a3781ffe 100644
--- a/tc/q_prio.c
+++ b/tc/q_prio.c
@@ -101,6 +101,8 @@ int prio_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt)
if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
sizeof(*qopt)))
return -1;
+ if (qopt == NULL)
+ return -1; /* missing data from kernel */
print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
open_json_array(PRINT_ANY, "priomap");
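Review bot: The added `if (qopt == NULL) return -1;` path prints no diagnostic of its own and reuses the same -1 as the parse_rtattr_nested_compat failure directly above it, so a truncated kernel reply cannot be told apart from a malformed attribute at this point. Consider writing a short message to stderr before returning, so the "missing data from kernel" case is visible to the user and not only in the code comment. Separately, the NULL originates in the macro itself (`data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL` at include/libnetlink.h:236 in the analyzer trace), so it is worth checking whether other callers of parse_rtattr_nested_compat dereference their data pointer without an equivalent guard.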
--
2.27.0