75 lines
3.1 KiB
Diff
75 lines
3.1 KiB
Diff
|
From c90d25e96b010c5837b5db9eaa57f5063f0c2aeb Mon Sep 17 00:00:00 2001
|
|||
|
|
From: Stephen Hemminger <stephen@networkplumber.org>
|
|||
|
|
Date: Mon, 8 May 2023 20:17:50 -0700
|
|||
|
|
Subject: [PATCH] tc/prio: handle possible truncated kernel response
|
|||
|
|
MIME-Version: 1.0
|
|||
|
|
Content-Type: text/plain; charset=UTF-8
|
|||
|
|
Content-Transfer-Encoding: 8bit
|
|||
|
|
|
|||
|
|
Reported by -fanalyzer. If kernel did not send full qdisc
|
|||
|
|
info, then uninitialized or null data could be referenced.
|
|||
|
|
|
|||
|
|
q_prio.c: In function ‘prio_print_opt’:
|
|||
|
|
q_prio.c:105:57: warning: dereference of NULL ‘0’ [CWE-476] [-Wanalyzer-null-dereference]
|
|||
|
|
105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
|
|||
|
|
| ~~~~^~~~~~~
|
|||
|
|
‘prio_print_opt’: event 1
|
|||
|
|
|
|
|||
|
|
| 98 | if (opt == NULL)
|
|||
|
|
| | ^
|
|||
|
|
| | |
|
|||
|
|
| | (1) following ‘false’ branch (when ‘opt’ is non-NULL)...
|
|||
|
|
|
|
|||
|
|
‘prio_print_opt’: event 2
|
|||
|
|
|
|
|||
|
|
|../include/uapi/linux/rtnetlink.h:228:38:
|
|||
|
|
| 228 | #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
|
|||
|
|
| | ~~~~~~^~~~~~~~~~
|
|||
|
|
| | |
|
|||
|
|
| | (2) ...to here
|
|||
|
|
../include/libnetlink.h:236:19: note: in expansion of macro ‘RTA_PAYLOAD’
|
|||
|
|
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
|
|||
|
|
| | ^~~~~~~~~~~
|
|||
|
|
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
|
|||
|
|
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
|
|||
|
|
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|
|
|||
|
|
‘prio_print_opt’: event 3
|
|||
|
|
|
|
|||
|
|
|../include/libnetlink.h:236:59:
|
|||
|
|
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
|
|||
|
|
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
|
|||
|
|
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
|
|||
|
|
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
|||
|
|
|
|
|||
|
|
‘prio_print_opt’: events 4-5
|
|||
|
|
|
|
|||
|
|
| 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
|
|||
|
|
| | ~~~~^~~~~~~
|
|||
|
|
| | |
|
|||
|
|
| | (4) ...to here
|
|||
|
|
| | (5) dereference of NULL ‘<unknown>’
|
|||
|
|
|
|
|||
|
|
|
|||
|
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
|||
|
|
---
|
|||
|
|
tc/q_prio.c | 2 ++
|
|||
|
|
1 file changed, 2 insertions(+)
|
|||
|
|
|
|||
|
|
diff --git a/tc/q_prio.c b/tc/q_prio.c
|
|||
|
|
index c8c6477e..a3781ffe 100644
|
|||
|
|
--- a/tc/q_prio.c
|
|||
|
|
+++ b/tc/q_prio.c
|
|||
|
|
@@ -101,6 +101,8 @@ int prio_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt)
|
|||
|
|
if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
|
|||
|
|
sizeof(*qopt)))
|
|||
|
|
return -1;
|
|||
|
|
+ if (qopt == NULL)
|
|||
|
|
+ return -1; /* missing data from kernel */
|
|||
|
|
|
|||
|
|
print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
|
|||
|
|
open_json_array(PRINT_ANY, "priomap");
|
|||
|
|
--
|
|||
|
|
2.27.0
|
|||
|
|
|