|
 |
f07426 |
From 65d8d329620973319b577e9a1b0ffad528a4df1f Mon Sep 17 00:00:00 2001
|
|
|
f07426 |
From: Stefano Brivio <sbrivio@redhat.com>
|
|
|
f07426 |
Date: Mon, 27 Feb 2023 03:05:26 +0100
|
|
|
f07426 |
Subject: [PATCH 05/20] tcp: Avoid false (but convoluted) positive Coverity
|
|
|
f07426 |
CWE-476 warning
|
|
|
f07426 |
|
|
|
f07426 |
If there are no TCP options in the header, tcp_tap_handler() will
|
|
|
f07426 |
pass the corresponding pointer, fetched via packet_get(), as NULL to
|
|
|
f07426 |
tcp_conn_from_sock_finish(), which in turn indirectly calls
|
|
|
f07426 |
tcp_opt_get().
|
|
|
f07426 |
|
|
|
f07426 |
If there are no options, tcp_opt_get() will stop right away because
|
|
|
f07426 |
the option length is indicated as zero. However, if the logic is
|
|
|
f07426 |
complicated enough to follow for static checkers, adding an explicit
|
|
|
f07426 |
check against NULL in tcp_opt_get() is probably a good idea.
|
|
|
f07426 |
|
|
|
f07426 |
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
|
|
|
f07426 |
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
|
|
|
f07426 |
(cherry picked from commit a1d5537741679c117b4c1a9b736ea2540a976eee)
|
|
|
f07426 |
---
|
|
|
f07426 |
tcp.c | 2 +-
|
|
|
f07426 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
f07426 |
|
|
|
f07426 |
diff --git a/tcp.c b/tcp.c
|
|
|
f07426 |
index c62fe44..a811b5e 100644
|
|
|
f07426 |
--- a/tcp.c
|
|
|
f07426 |
+++ b/tcp.c
|
|
|
f07426 |
@@ -1114,7 +1114,7 @@ static int tcp_opt_get(const char *opts, size_t len, uint8_t type_find,
|
|
|
f07426 |
{
|
|
|
f07426 |
uint8_t type, optlen;
|
|
|
f07426 |
|
|
|
f07426 |
- if (!len)
|
|
|
f07426 |
+ if (!opts || !len)
|
|
|
f07426 |
return -1;
|
|
|
f07426 |
|
|
|
f07426 |
for (; len >= 2; opts += optlen, len -= optlen) {
|
|
|
f07426 |
--
|
|
|
f07426 |
2.39.2
|
|
|
f07426 |
|