Blame SOURCES/0006-tcp-Avoid-theoretical-resource-leak-CWE-772-Coverity.patch
|
 |
f07426 |
From cd950e6b7f85f4f8f80284ba79a027dee57bfa61 Mon Sep 17 00:00:00 2001
|
|
|
f07426 |
From: Stefano Brivio <sbrivio@redhat.com>
|
|
|
f07426 |
Date: Mon, 27 Feb 2023 03:13:31 +0100
|
|
|
f07426 |
Subject: [PATCH 06/20] tcp: Avoid (theoretical) resource leak (CWE-772)
|
|
|
f07426 |
Coverity warning
|
|
|
f07426 |
|
|
|
f07426 |
If tcp_timer_ctl() gets a socket number greater than SOCKET_MAX
|
|
|
f07426 |
(2 ^ 24), we return error but we don't close the socket. This is a
|
|
|
f07426 |
rather formal issue given that, at least on Linux, socket numbers are
|
|
|
f07426 |
monotonic and we're in general not allowed to open so many sockets.
|
|
|
f07426 |
|
|
|
f07426 |
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
|
|
|
f07426 |
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
|
|
|
f07426 |
(cherry picked from commit 4f523c3276741781346478328f863e60f30cba8e)
|
|
|
f07426 |
---
|
|
|
f07426 |
tcp.c | 3 +++
|
|
|
f07426 |
1 file changed, 3 insertions(+)
|
|
|
f07426 |
|
|
|
f07426 |
diff --git a/tcp.c b/tcp.c
|
|
|
f07426 |
index a811b5e..fe6e458 100644
|
|
|
f07426 |
--- a/tcp.c
|
|
|
f07426 |
+++ b/tcp.c
|
|
|
f07426 |
@@ -702,6 +702,9 @@ static void tcp_timer_ctl(const struct ctx *c, struct tcp_tap_conn *conn)
|
|
|
f07426 |
fd = timerfd_create(CLOCK_MONOTONIC, 0);
|
|
|
f07426 |
if (fd == -1 || fd > SOCKET_MAX) {
|
|
|
f07426 |
debug("TCP: failed to get timer: %s", strerror(errno));
|
|
|
f07426 |
+ if (fd > -1)
|
|
|
f07426 |
+ close(fd);
|
|
|
f07426 |
+ conn->timer = -1;
|
|
|
f07426 |
return;
|
|
|
f07426 |
}
|
|
|
f07426 |
conn->timer = fd;
|
|
|
f07426 |
--
|
|
|
f07426 |
2.39.2
|
|
|
f07426 |
|