From 370e9e38e8e0b35810734125e2b6eeac65fefa5d Mon Sep 17 00:00:00 2001
From: Chris Luke
Date: Thu, 7 Jul 2016 11:01:17 -0400
Subject: [PATCH] VPP-189 Some bugfixes for issues reported by Coverity
CID 130914 Buffer not null terminated
CID 130916 Unchecked return value
CID 130938 Unchecked return value from library
CID 130939 Unchecked return value from library
CID 130940 Unchecked return value from library
CID 131042 Argument cannot be negative
CID 131222 Resource leak
CID 131223 Resource leak
CID 131334 Double close
CID 131335 Read from pointer after free
CID 131211 Resource leak
CID 131212 Resource leak
Change-Id: Idd80b91f621278e0be15911f2ed4354dbe4fc7f2
Signed-off-by: Chris Luke
---
 svm/svm.c | 45 ++++++++++++++++++++++++++++++++-------
 vlib/vlib/pci/linux_pci.c | 35 ++++++++++++++++++++++++------
 2 files changed, 66 insertions(+), 14 deletions(-)
diff --git a/svm/svm.c b/svm/svm.c
index b50aa8207ef..e62f3f839fd 100644
--- a/svm/svm.c
+++ b/svm/svm.c
@@ -225,14 +225,22 @@ static int svm_data_region_create (svm_map_region_args_t *a,
 if (fstat(fd, &statb) < 0) {
 clib_unix_warning("fstat");
+ close (fd);
 return -2;
 }
 if (statb.st_mode & S_IFREG) {
 if (statb.st_size == 0) {
- lseek(fd, map_size, SEEK_SET);
- if (write(fd, &junk, 1) != 1)
+ if (lseek(fd, map_size, SEEK_SET) == (off_t) -1) {
+ clib_unix_warning ("seek region size");
+ close (fd);
+ return -3;
+ }
+ if (write(fd, &junk, 1) != 1) {
 clib_unix_warning ("set region size");
+ close (fd);
+ return -3;
+ }
 } else {
 map_size = rnd_pagesize (statb.st_size);
 }
@@ -246,6 +254,7 @@ static int svm_data_region_create (svm_map_region_args_t *a,
 if (mmap (rp->data_base, map_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) {
 clib_unix_warning("mmap");
+ close (fd);
 return -3;
 }
 close(fd);
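Review bot: Each new error exit in the `statb.st_size == 0` branch carries its own `close (fd)` before `return`, which is the same pattern whose omissions this commit is fixing, so the next exit added here can leak the descriptor again. The identical block is repeated in svm_data_region_map (hunk at -283) and, with `return (0)`, in svm_map_region (hunk at -399). A single exit would make the cleanup structural: set a return value, `goto out_close;`, and finish with `out_close: close (fd); return rv;`, which also covers the success path that already ends in `close(fd)`. Both new failures return -3, the same value as the mmap failure in the hunk at -246, so a caller cannot tell them apart. The function body starts and ends outside the hunk.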
@@ -283,14 +292,22 @@ static int svm_data_region_map (svm_map_region_args_t *a,
 if (fstat(fd, &statb) < 0) {
 clib_unix_warning("fstat");
+ close (fd);
 return -2;
 }
 if (statb.st_mode & S_IFREG) {
 if (statb.st_size == 0) {
- lseek(fd, map_size, SEEK_SET);
- if (write(fd, &junk, 1) != 1)
+ if (lseek(fd, map_size, SEEK_SET) == (off_t) -1) {
+ clib_unix_warning ("seek region size");
+ close (fd);
+ return -3;
+ }
+ if (write(fd, &junk, 1) != 1) {
 clib_unix_warning ("set region size");
+ close (fd);
+ return -3;
+ }
 } else {
 map_size = rnd_pagesize (statb.st_size);
 }
@@ -304,6 +321,7 @@ static int svm_data_region_map (svm_map_region_args_t *a,
 if (mmap (rp->data_base, map_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, fd, 0) == MAP_FAILED) {
 clib_unix_warning("mmap");
+ close (fd);
 return -3;
 }
 close(fd);
@@ -399,15 +417,23 @@ void *svm_map_region (svm_map_region_args_t *a)
 vec_free(shm_name);
- lseek(svm_fd, a->size, SEEK_SET);
- if (write(svm_fd, &junk, 1) != 1)
+ if (lseek(svm_fd, a->size, SEEK_SET) == (off_t) -1) {
+ clib_warning ("seek region size");
+ close (svm_fd);
+ return (0);
+ }
+ if (write(svm_fd, &junk, 1) != 1) {
 clib_warning ("set region size");
+ close (svm_fd);
+ return (0);
+ }
 rp = mmap((void *)a->baseva, a->size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, svm_fd, 0);
 if (rp == (svm_region_t *) MAP_FAILED) {
 clib_unix_warning ("mmap create");
+ close (svm_fd);
 return (0);
 }
 close(svm_fd);
@@ -509,6 +535,7 @@ void *svm_map_region (svm_map_region_args_t *a)
 while (1) {
 if (0 != fstat(svm_fd, &stat)) {
 clib_warning("fstat failed: %d", errno);
+ close (svm_fd);
 return (0);
 }
 if (stat.st_size > 0) {
@@ -516,6 +543,7 @@ void *svm_map_region (svm_map_region_args_t *a)
 }
 if (0 == time_left) {
 clib_warning("waiting for resize of shm file timed out");
+ close (svm_fd);
 return (0);
 }
 ts.tv_sec = 0;
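Review bot: The two new failure branches after `vec_free(shm_name)` in the hunk at -399 log with `clib_warning`, so the errno from lseek() or write() is not reported, while the mmap failure a few lines below and the same branches in svm_data_region_create/map use `clib_unix_warning`. Suggest `clib_unix_warning ("seek region size");` and `clib_unix_warning ("set region size");` so the log says why the region could not be sized. If the backing object was created earlier in this function (outside the hunk), these early returns also appear to leave it in place unsized, which the waiting loop in the hunk at -509 would then see only as a timeout; worth confirming whether it should be removed on failure.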
@@ -545,10 +573,10 @@ void *svm_map_region (svm_map_region_args_t *a)
 * -ed? */
 if (rp->version == 0) {
- close(svm_fd);
- munmap(rp, a->size);
 clib_warning("rp->version %d not %d", rp->version, SVM_VERSION);
+ close(svm_fd);
+ munmap(rp, a->size);
 return (0);
 }
 /* Remap now that the region has been placed */
@@ -561,6 +589,7 @@ void *svm_map_region (svm_map_region_args_t *a)
 MAP_SHARED | MAP_FIXED, svm_fd, 0);
 if ((uword)rp == (uword)MAP_FAILED) {
 clib_unix_warning ("mmap");
+ close (svm_fd);
 return (0);
 }
diff --git a/vlib/vlib/pci/linux_pci.c b/vlib/vlib/pci/linux_pci.c
index 757f2aa5fa2..6cc70e6d6aa 100644
--- a/vlib/vlib/pci/linux_pci.c
+++ b/vlib/vlib/pci/linux_pci.c
@@ -123,6 +123,11 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
 }
 fd = socket(PF_INET, SOCK_DGRAM, 0);
+ if (fd < 0)
+ {
+ error = clib_error_return_unix (0, "socket");
+ goto done;
+ }
 while((e = readdir (dir))) {
@@ -135,17 +140,32 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
 memset(&ifr, 0, sizeof ifr);
 memset(&drvinfo, 0, sizeof drvinfo);
 ifr.ifr_data = (char *) &drvinfo;
- strncpy(ifr.ifr_name, e->d_name, IFNAMSIZ);
+ strncpy(ifr.ifr_name, e->d_name, IFNAMSIZ - 1);
 drvinfo.cmd = ETHTOOL_GDRVINFO;
- ioctl (fd, SIOCETHTOOL, &ifr);
+ if (ioctl (fd, SIOCETHTOOL, &ifr) < 0)
+ {
+ if (errno == ENOTSUP)
+ /* Some interfaces (eg "lo") don't support this ioctl */
+ continue;
+
+ error = clib_error_return_unix (0, "ioctl fetch intf %s bus info",
+ e->d_name);
+ close (fd);
+ goto done;
+ }
 if (strcmp ((char *) s, drvinfo.bus_info)) continue;
 memset (&ifr, 0, sizeof(ifr));
- strncpy (ifr.ifr_name, e->d_name, IFNAMSIZ);
- ioctl (fd, SIOCGIFFLAGS, &ifr);
- close (fd);
+ strncpy (ifr.ifr_name, e->d_name, IFNAMSIZ - 1);
+ if (ioctl (fd, SIOCGIFFLAGS, &ifr) < 0)
+ {
+ error = clib_error_return_unix (0, "ioctl fetch intf %s flags",
+ e->d_name);
+ close (fd);
+ goto done;
+ }
 if (ifr.ifr_flags & IFF_UP) {
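Review bot: The new `goto done` on socket() failure in the hunk at -123 leaves the `dir` handle used by `readdir (dir)` open unless the `done:` label releases it, and the same holds for the error exits added in the hunks at -135 and -153, which call `close (fd)` but no `closedir`. `done:` is outside the hunk, so this needs checking there; if it does not close the directory, add `closedir (dir);` on these paths. Initialising `fd` to -1 and doing `if (fd >= 0) close (fd);` once under `done:` would also remove the hand-written `close (fd)` before each `goto done`.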
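Review bot: In the new `ioctl (fd, SIOCETHTOOL, &ifr) < 0` branch of the hunk at -135 every errno except ENOTSUP aborts the whole bind, where the old code ignored the result and fell through to the `strcmp` mismatch and the next entry. A directory entry that is not, or is no longer, a network interface (ENODEV, presumably) would now fail the bind of an unrelated PCI device. Consider keeping the lookup best effort: `if (errno != ENOTSUP) clib_unix_warning ("ioctl fetch intf %s bus info", e->d_name);` followed by `continue;`. Skipping an entry also skips its interface-is-up check, so the warning should stay visible in the log rather than being dropped. The loop body starts and ends outside the hunk.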
@@ -153,6 +173,7 @@ vlib_pci_bind_to_uio (vlib_pci_device_t * d, char * uio_driver_name)
 "interface %s is up", format_vlib_pci_addr, &d->bus_address, e->d_name);
+ close (fd);
 goto done;
 }
 }
@@ -352,7 +373,7 @@ os_map_pci_resource_internal (uword os_handle,
 done:
 if (error) {
- if (fd > 0)
+ if (fd >= 0)
 close (fd);
 }
 vec_free (file_name);
@@ -478,6 +499,7 @@ scan_device (void * arg, u8 * dev_dir_name, u8 * ignored)
 {
 pool_put (pm->pci_devs, dev);
 error = clib_error_return_unix (0, "read `%s'", f);
+ close (fd);
 goto done;
 }
@@ -490,6 +512,7 @@ scan_device (void * arg, u8 * dev_dir_name, u8 * ignored)
 {
 pool_put (pm->pci_devs, dev);
 error = clib_error_return (0, "invalid PCI config for `%s'", f);
+ close (fd);
 goto done;
 }
 }
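Review bot: Widening the test under `done:` to `fd >= 0` in the hunk at -352 is only safe if `fd` cannot reach that label holding 0 without having been opened; its declaration and the open call are outside the hunk. If `fd` is zero-initialised, or a `goto done` precedes the open, the error path would now close descriptor 0. Declaring it as `int fd = -1;` makes the check hold on every path.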