Paul Wouters 205ad0
diff --git a/src/cache.c b/src/cache.c
Paul Wouters 205ad0
index 7c41e54..79a024f 100644
Paul Wouters 205ad0
--- a/src/cache.c
Paul Wouters 205ad0
+++ b/src/cache.c
Paul Wouters 205ad0
@@ -34,7 +34,7 @@ struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = {
Paul Wouters 205ad0
 };
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 struct cache *cache_create(const char *name, enum cache_type type,
Paul Wouters 205ad0
-			   unsigned int features, 
Paul Wouters 205ad0
+			   unsigned int features,
Paul Wouters 205ad0
 			   struct cache_extra *extra,
Paul Wouters 205ad0
 			   struct cache_ops *ops)
Paul Wouters 205ad0
 {
Paul Wouters 205ad0
@@ -53,7 +53,8 @@ struct cache *cache_create(const char *name, enum cache_type type,
Paul Wouters 205ad0
 		return NULL;
Paul Wouters 205ad0
 	memset(c, 0, sizeof(struct cache));
Paul Wouters 205ad0
 
Paul Wouters 205ad0
-	strcpy(c->name, name);
Paul Wouters 205ad0
+	strncpy(c->name, name, CACHE_MAX_NAMELEN);
Paul Wouters 205ad0
+	c->name[CACHE_MAX_NAMELEN - 1] = '\0';
Paul Wouters 205ad0
 	c->type = type;
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	for (i = 0; i < CACHE_MAX_FEATURE; i++) {
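Review bot: The copy into `c->name` is bounded by the constant `CACHE_MAX_NAMELEN` rather than by the destination, so these two lines are correct only while the field is declared with exactly that size; the declaration is not visible in this hunk. If `name` is an array member, `snprintf(c->name, sizeof(c->name), "%s", name);` ties the bound to the field and terminates in one step. An over-long name is also truncated silently, so two caches whose names share the first `CACHE_MAX_NAMELEN - 1` bytes would end up with the same name; if that matters, reject the name before the allocation above. cache_create starts and ends outside the hunk.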
Paul Wouters 205ad0
diff --git a/src/cthelper.c b/src/cthelper.c
Paul Wouters 205ad0
index 6537515..54eb830 100644
Paul Wouters 205ad0
--- a/src/cthelper.c
Paul Wouters 205ad0
+++ b/src/cthelper.c
Paul Wouters 205ad0
@@ -277,11 +277,11 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	if (!attr[NFQA_PAYLOAD]) {
Paul Wouters 205ad0
 		dlog(LOG_ERR, "packet with no payload");
Paul Wouters 205ad0
-		goto err;
Paul Wouters 205ad0
+		goto err1;
Paul Wouters 205ad0
 	}
Paul Wouters 205ad0
 	if (!attr[NFQA_CT] || !attr[NFQA_CT_INFO]) {
Paul Wouters 205ad0
 		dlog(LOG_ERR, "no CT attached to this packet");
Paul Wouters 205ad0
-		goto err;
Paul Wouters 205ad0
+		goto err1;
Paul Wouters 205ad0
 	}
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	pkt = mnl_attr_get_payload(attr[NFQA_PAYLOAD]);
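Review bot: Both `goto err1` paths in this hunk run before `queue_num = ntohs(nfg->res_id);`, which only appears in the next hunk, yet `err1` ends in `pkt_verdict_error(queue_num, id)`. Unless the declaration outside the hunk initialises it, the accept verdict for a packet with no payload or no CT attributes is issued with an indeterminate queue number. Moving the assignment above the `attr[NFQA_PAYLOAD]` check would close that. Where `id` is set is not visible here and deserves the same look.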
Paul Wouters 205ad0
@@ -292,22 +292,22 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
Paul Wouters 205ad0
 	queue_num = ntohs(nfg->res_id);
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	if (pkt_get(pkt, pktlen, ntohs(ph->hw_protocol), &protoff))
Paul Wouters 205ad0
-		goto err;
Paul Wouters 205ad0
+		goto err1;
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	ct = nfct_new();
Paul Wouters 205ad0
 	if (ct == NULL)
Paul Wouters 205ad0
-		goto err;
Paul Wouters 205ad0
+		goto err1;
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	if (nfct_payload_parse(mnl_attr_get_payload(attr[NFQA_CT]),
Paul Wouters 205ad0
 			       mnl_attr_get_payload_len(attr[NFQA_CT]),
Paul Wouters 205ad0
 			       l3num, ct) < 0) {
Paul Wouters 205ad0
 		dlog(LOG_ERR, "cannot convert message to CT");
Paul Wouters 205ad0
-		goto err;
Paul Wouters 205ad0
+		goto err2;
Paul Wouters 205ad0
 	}
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	myct = calloc(1, sizeof(struct myct));
Paul Wouters 205ad0
 	if (myct == NULL)
Paul Wouters 205ad0
-		goto err;
Paul Wouters 205ad0
+		goto err2;
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	myct->ct = ct;
Paul Wouters 205ad0
 	ctinfo = ntohl(mnl_attr_get_u32(attr[NFQA_CT_INFO]));
Paul Wouters 205ad0
@@ -315,15 +315,15 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
Paul Wouters 205ad0
 	/* XXX: 256 bytes enough for possible NAT mangling in helpers? */
Paul Wouters 205ad0
 	pktb = pktb_alloc(AF_INET, pkt, pktlen, 256);
Paul Wouters 205ad0
 	if (pktb == NULL)
Paul Wouters 205ad0
-		goto err;
Paul Wouters 205ad0
+		goto err3;
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	/* Misconfiguration: if no helper found, accept the packet. */
Paul Wouters 205ad0
 	helper = helper_run(pktb, protoff, myct, ctinfo, queue_num, &verdict);
Paul Wouters 205ad0
 	if (!helper)
Paul Wouters 205ad0
-		goto err_pktb;
Paul Wouters 205ad0
+		goto err4;
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	if (pkt_verdict_issue(helper, myct, queue_num, id, verdict, pktb) < 0)
Paul Wouters 205ad0
-		goto err_pktb;
Paul Wouters 205ad0
+		goto err4;
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	nfct_destroy(ct);
Paul Wouters 205ad0
 	if (myct->exp != NULL)
Paul Wouters 205ad0
@@ -333,18 +333,19 @@ static int nfq_queue_cb(const struct nlmsghdr *nlh, void *data)
Paul Wouters 205ad0
 	free(myct);
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	return MNL_CB_OK;
Paul Wouters 205ad0
-err_pktb:
Paul Wouters 205ad0
+err4:
Paul Wouters 205ad0
 	pktb_free(pktb);
Paul Wouters 205ad0
-err:
Paul Wouters 205ad0
+err3:
Paul Wouters 205ad0
+	free(myct);
Paul Wouters 205ad0
+err2:
Paul Wouters 205ad0
+	nfct_destroy(ct);
Paul Wouters 205ad0
+err1:
Paul Wouters 205ad0
 	/* In case of error, we don't want to disrupt traffic. We accept all.
Paul Wouters 205ad0
 	 * This is connection tracking after all. The policy is not to drop
Paul Wouters 205ad0
 	 * packet unless we enter some inconsistent state.
Paul Wouters 205ad0
 	 */
Paul Wouters 205ad0
 	pkt_verdict_error(queue_num, id);
Paul Wouters 205ad0
 
Paul Wouters 205ad0
-	if (ct != NULL)
Paul Wouters 205ad0
-		nfct_destroy(ct);
Paul Wouters 205ad0
-
Paul Wouters 205ad0
 	return MNL_CB_OK;
Paul Wouters 205ad0
 }
Paul Wouters 205ad0
 
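Review bot: The `err4`/`err3` unwinding frees `myct` itself but not anything attached to it, whereas the success path just above this hunk tests `myct->exp != NULL` before `free(myct)`. If `helper_run()` can attach an expectation and `pkt_verdict_issue()` then fails, that object presumably leaks on each such packet, and this callback is driven by queued network traffic. The lines between the two hunks are not shown, so the exact teardown there needs checking and then mirroring under `err4`. Labels named after what they release (`err_free_pktb`, `err_free_myct`, `err_destroy_ct`) would also keep the unwind order checkable when a step is added.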
Paul Wouters 205ad0
diff --git a/src/local.c b/src/local.c
Paul Wouters 205ad0
index 453799a..3395b4c 100644
Paul Wouters 205ad0
--- a/src/local.c
Paul Wouters 205ad0
+++ b/src/local.c
Paul Wouters 205ad0
@@ -77,7 +77,7 @@ int do_local_server_step(struct local_server *server, void *data,
Paul Wouters 205ad0
 	int rfd;
Paul Wouters 205ad0
 	struct sockaddr_un local;
Paul Wouters 205ad0
 	socklen_t sin_size = sizeof(struct sockaddr_un);
Paul Wouters 205ad0
-	
Paul Wouters 205ad0
+
Paul Wouters 205ad0
 	rfd = accept(server->fd, (struct sockaddr *) &local, &sin_size);
Paul Wouters 205ad0
 	if (rfd == -1)
Paul Wouters 205ad0
 		return -1;
Paul Wouters 205ad0
@@ -147,11 +147,14 @@ int do_local_request(int request,
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	ret = send(fd, &request, sizeof(int), 0);
Paul Wouters 205ad0
 	if (ret == -1)
Paul Wouters 205ad0
-		return -1;
Paul Wouters 205ad0
+		goto err1;
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	do_local_client_step(fd, step);
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	local_client_destroy(fd);
Paul Wouters 205ad0
-	
Paul Wouters 205ad0
+
Paul Wouters 205ad0
 	return 0;
Paul Wouters 205ad0
+err1:
Paul Wouters 205ad0
+	local_client_destroy(fd);
Paul Wouters 205ad0
+	return -1;
Paul Wouters 205ad0
 }
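Review bot: The new `err1` label duplicates the `local_client_destroy(fd)` call of the success path, so the descriptor's release now lives in two places. A single exit keeps it in one: set a status variable on the failed `send()`, skip the client step, and finish with one `local_client_destroy(fd); return ret;`. The result of `do_local_client_step(fd, step)` is also discarded, so the function returns 0 whatever happened in that step; if it does report failure (its prototype is not visible here), that should feed the same status. do_local_request begins outside the hunk.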
Paul Wouters 205ad0
diff --git a/src/parse.c b/src/parse.c
Paul Wouters 205ad0
index f3ec6ac..919d36c 100644
Paul Wouters 205ad0
--- a/src/parse.c
Paul Wouters 205ad0
+++ b/src/parse.c
Paul Wouters 205ad0
@@ -297,7 +297,7 @@ int msg2ct(struct nf_conntrack *ct, struct nethdr *net, size_t remain)
Paul Wouters 205ad0
 			return -1;
Paul Wouters 205ad0
 		if (attr->nta_len < NTA_LENGTH(0))
Paul Wouters 205ad0
 			return -1;
Paul Wouters 205ad0
-		if (attr->nta_attr > NTA_MAX)
Paul Wouters 205ad0
+		if (attr->nta_attr >= NTA_MAX)
Paul Wouters 205ad0
 			return -1;
Paul Wouters 205ad0
 		if (h[attr->nta_attr].size &&
Paul Wouters 205ad0
 		    attr->nta_len != h[attr->nta_attr].size)
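Review bot: The `>=` comparison is only right if `h[]` has exactly `NTA_MAX` entries, and that declaration is outside the hunk; the same applies to `exp_h[]` and `NTA_EXP_MAX` in the msg2exp hunk below. Because `nta_attr` is read from the received message and then used as an index, the check and the table size should be tied together where a reader can see it. A comment such as `/* nta_attr indexes h[], which has NTA_MAX entries */` is enough. Where the toolchain allows C11, `_Static_assert(sizeof(h) / sizeof(h[0]) == NTA_MAX, "h[] size");` next to the table is stronger.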
Paul Wouters 205ad0
@@ -510,7 +510,7 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain)
Paul Wouters 205ad0
 		ATTR_NETWORK2HOST(attr);
Paul Wouters 205ad0
 		if (attr->nta_len > len)
Paul Wouters 205ad0
 			goto err;
Paul Wouters 205ad0
-		if (attr->nta_attr > NTA_MAX)
Paul Wouters 205ad0
+		if (attr->nta_attr >= NTA_EXP_MAX)
Paul Wouters 205ad0
 			goto err;
Paul Wouters 205ad0
 		if (attr->nta_len < NTA_LENGTH(0))
Paul Wouters 205ad0
 			goto err;
Paul Wouters 205ad0
@@ -524,13 +524,15 @@ int msg2exp(struct nf_expect *exp, struct nethdr *net, size_t remain)
Paul Wouters 205ad0
 			attr = NTA_NEXT(attr, len);
Paul Wouters 205ad0
 			continue;
Paul Wouters 205ad0
 		}
Paul Wouters 205ad0
-		switch(exp_h[attr->nta_attr].exp_attr) {
Paul Wouters 205ad0
+		switch (exp_h[attr->nta_attr].exp_attr) {
Paul Wouters 205ad0
 		case ATTR_EXP_MASTER:
Paul Wouters 205ad0
 			exp_h[attr->nta_attr].parse(master, attr->nta_attr,
Paul Wouters 205ad0
 						    NTA_DATA(attr));
Paul Wouters 205ad0
+			break;
Paul Wouters 205ad0
 		case ATTR_EXP_EXPECTED:
Paul Wouters 205ad0
 			exp_h[attr->nta_attr].parse(expected, attr->nta_attr,
Paul Wouters 205ad0
 						    NTA_DATA(attr));
Paul Wouters 205ad0
+			break;
Paul Wouters 205ad0
 		case ATTR_EXP_MASK:
Paul Wouters 205ad0
 			exp_h[attr->nta_attr].parse(mask, attr->nta_attr,
Paul Wouters 205ad0
 						    NTA_DATA(attr));
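Review bot: The `ATTR_EXP_MASK` case runs past the end of this hunk, so whether it and any later cases end in `break` cannot be confirmed from here and should be checked together with the two `break` statements added above. Before this change a master attribute fell through and was parsed into `expected` and `mask` as well, which is easy to reintroduce when a case is added. Building with `-Wimplicit-fallthrough` and marking any intended fall-through with `/* fall through */` would have the compiler catch it. A `default:` arm is not visible in the hunk either.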
Paul Wouters 205ad0
diff --git a/src/process.c b/src/process.c
Paul Wouters 205ad0
index 7f0a395..3ddad5f 100644
Paul Wouters 205ad0
--- a/src/process.c
Paul Wouters 205ad0
+++ b/src/process.c
Paul Wouters 205ad0
@@ -48,6 +48,8 @@ int fork_process_new(int type, int flags, void (*cb)(void *data), void *data)
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	if (c->pid > 0)
Paul Wouters 205ad0
 		list_add(&c->head, &process_list);
Paul Wouters 205ad0
+	else
Paul Wouters 205ad0
+		free(c);
Paul Wouters 205ad0
 
Paul Wouters 205ad0
 	return pid;
Paul Wouters 205ad0
 }
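Review bot: The new `else free(c);` runs in two different situations, fork() failure and the child process, and nothing at the call site says the second one is intended. A comment such as `/* fork failed, or we are the child: the entry is not tracked in process_list */` would make that explicit. The test reads `c->pid` while the return uses the local `pid`; using `pid` for both avoids touching `c` next to the line that frees it. It is also worth confirming that nothing in the child path above the hunk keeps a pointer to `c`.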
Paul Wouters 205ad0
diff --git a/src/tcp.c b/src/tcp.c
Paul Wouters 205ad0
index af27c46..e570880 100644
Paul Wouters 205ad0
--- a/src/tcp.c
Paul Wouters 205ad0
+++ b/src/tcp.c
Paul Wouters 205ad0
@@ -247,13 +247,11 @@ int tcp_accept(struct tcp_sock *m)
Paul Wouters 205ad0
 	/* the other peer wants to connect ... */
Paul Wouters 205ad0
 	ret = accept(m->fd, NULL, NULL);
Paul Wouters 205ad0
 	if (ret == -1) {
Paul Wouters 205ad0
-		if (errno != EAGAIN) {
Paul Wouters 205ad0
-			/* unexpected error. Give us another try. */
Paul Wouters 205ad0
-			m->state = TCP_SERVER_ACCEPTING;
Paul Wouters 205ad0
-		} else {
Paul Wouters 205ad0
-			/* waiting for new connections. */
Paul Wouters 205ad0
-			m->state = TCP_SERVER_ACCEPTING;
Paul Wouters 205ad0
-		}
Paul Wouters 205ad0
+	/* unexpected error: Give us another try. Or we have hit
Paul Wouters 205ad0
+	 * -EAGAIN, in that case we remain in the accepting connections
Paul Wouters 205ad0
+	 * state.
Paul Wouters 205ad0
+	 */
Paul Wouters 205ad0
+	m->state = TCP_SERVER_ACCEPTING;
Paul Wouters 205ad0
 	} else {
Paul Wouters 205ad0
 		/* the peer finally got connected. */
Paul Wouters 205ad0
 		if (fcntl(ret, F_SETFL, O_NONBLOCK) == -1) {
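Review bot: The added comment and `m->state = TCP_SERVER_ACCEPTING;` are indented with one tab, the same level as the enclosing `if (ret == -1) {`, so the body reads as if it were outside the block; it needs a second tab. The comment also says `-EAGAIN`, while the removed code compared `errno` with `EAGAIN`, so the sign should go. With the branches merged, an unexpected accept() failure is now indistinguishable from EAGAIN and leaves no trace. A log line for `errno != EAGAIN` would keep persistent failures such as descriptor exhaustion diagnosable. tcp_accept continues past the end of the hunk.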