packages/iproute
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
iproute/backport-tc_exec-don-t-dereference-NULL-on-calloc-failure.patch
gaoxingwang 552d5e248f backport patches to fix bugs 
(cherry picked from commit 2e9232daaeeab8917abc9a7830b7a9195d7a1da0)
2023-08-17 17:20:22 +08:00

107 lines
3.6 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 0b9b9d659880a3084ec0a5b49f07f387de7b0f0c Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 8 May 2023 19:21:27 -0700
Subject: [PATCH] tc_exec: don't dereference NULL on calloc failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported as:
tc_exec.c: In function do_exec:
tc_exec.c:103:18: warning: dereference of NULL eu [CWE-476] [-Wanalyzer-null-dereference]
103 | return eu->parse_eopt(eu, argc, argv);
| ~~^~~~~~~~~~~~
do_exec: events 1-6
|
| 81 | int do_exec(int argc, char **argv)
| | ^~~~~~~
| | |
| | (1) entry to do_exec
|......
| 86 | if (argc < 1) {
| | ~
| | |
| | (2) following false branch (when argc > 0)...
|......
| 91 | if (matches(*argv, "help") == 0) {
| | ~~~~~~~~~~~~~~~~~~~~~~~
| | ||
| | |(3) ...to here
| | (4) following true branch...
|......
| 96 | strncpy(kind, *argv, sizeof(kind) - 1);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) ...to here
| 97 |
| 98 | eu = get_exec_kind(kind);
| | ~~~~~~~~~~~~~~~~~~~
| | |
| | (6) calling get_exec_kind from do_exec
|
+--> get_exec_kind: events 7-10
|
| 40 | static struct exec_util *get_exec_kind(const char *name)
| | ^~~~~~~~~~~~~
| | |
| | (7) entry to get_exec_kind
|......
| 63 | if (eu == NULL)
| | ~
| | |
| | (8) following true branch (when eu is NULL)...
| 64 | goto noexist;
| | ~~~~
| | |
| | (9) ...to here
|......
| 72 | if (eu) {
| | ~
| | |
| | (10) following false branch (when eu is NULL)...
|
get_exec_kind: event 11
|
|cc1:
| (11): ...to here
|
<------+
|
do_exec: events 12-13
|
| 98 | eu = get_exec_kind(kind);
| | ^~~~~~~~~~~~~~~~~~~
| | |
| | (12) return of NULL to do_exec from get_exec_kind
|......
| 103 | return eu->parse_eopt(eu, argc, argv);
| | ~~~~~~~~~~~~~~
| | |
| | (13) dereference of NULL eu
|
Fixes: 4bd624467bc6 ("tc: built-in eBPF exec proxy")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
tc/tc_exec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tc/tc_exec.c b/tc/tc_exec.c
index 5d883402..182fbb4c 100644
--- a/tc/tc_exec.c
+++ b/tc/tc_exec.c
@@ -96,6 +96,10 @@ int do_exec(int argc, char **argv)
strncpy(kind, *argv, sizeof(kind) - 1);
eu = get_exec_kind(kind);
+ if (eu == NULL) {
+ fprintf(stderr, "Allocation failed finding exec\n");
+ return -1;
+ }
argc--;
argv++;
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink