* [nft PATCH 00/10] Some covscan fixes
@ 2021-06-11 16:40 Phil Sutter
2021-06-11 16:40 ` [nft PATCH 01/10] parser_bison: Fix for implicit declaration of isalnum Phil Sutter
` (9 more replies)
0 siblings, 10 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:40 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
This series fixes a bunch of minor issues identified by Coverity tool.
Phil Sutter (10):
parser_bison: Fix for implicit declaration of isalnum
parser_json: Fix for memleak in tcp option error path
evaluate: Mark fall through case in str2hooknum()
json: Drop pointless assignment in exthdr_expr_json()
netlink: Avoid memleak in error path of netlink_delinearize_set()
netlink: Avoid memleak in error path of netlink_delinearize_chain()
netlink: Avoid memleak in error path of netlink_delinearize_table()
netlink: Avoid memleak in error path of netlink_delinearize_obj()
netlink_delinearize: Fix suspicious calloc() call
rule: Fix for potential off-by-one in cmd_add_loc()
src/evaluate.c | 1 +
src/json.c | 1 -
src/netlink.c | 7 +++++--
src/netlink_delinearize.c | 5 ++---
src/parser_bison.y | 1 +
src/parser_json.c | 6 +++---
src/rule.c | 2 +-
7 files changed, 13 insertions(+), 10 deletions(-)
--
2.31.1
^ permalink raw reply [flat|nested] 11+ messages in thread
* [nft PATCH 01/10] parser_bison: Fix for implicit declaration of isalnum
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
@ 2021-06-11 16:40 ` Phil Sutter
2021-06-11 16:40 ` [nft PATCH 02/10] parser_json: Fix for memleak in tcp option error path Phil Sutter
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:40 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Have to include ctype.h to make it known.
Fixes: e76bb37940181 ("src: allow for variables in the log prefix string")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/parser_bison.y | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 136ae105f5132..c0a9dc52963ea 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -10,6 +10,7 @@
%{
+#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 02/10] parser_json: Fix for memleak in tcp option error path
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
2021-06-11 16:40 ` [nft PATCH 01/10] parser_bison: Fix for implicit declaration of isalnum Phil Sutter
@ 2021-06-11 16:40 ` Phil Sutter
2021-06-11 16:40 ` [nft PATCH 03/10] evaluate: Mark fall through case in str2hooknum() Phil Sutter
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:40 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
If 'kind' value is invalid, the function returned without freeing 'expr'
first. Fix this by performing the check before allocation.
Fixes: cb21869649208 ("json: tcp: add raw tcp option match support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/parser_json.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/parser_json.c b/src/parser_json.c
index e6a0233ab6ce3..bb0e4169b477d 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -603,12 +603,12 @@ static struct expr *json_parse_tcp_option_expr(struct json_ctx *ctx,
"base", &kind, "offset", &offset, "len", &len)) {
uint32_t flag = 0;
- expr = tcpopt_expr_alloc(int_loc, kind,
- TCPOPT_COMMON_KIND);
-
if (kind < 0 || kind > 255)
return NULL;
+ expr = tcpopt_expr_alloc(int_loc, kind,
+ TCPOPT_COMMON_KIND);
+
if (offset == TCPOPT_COMMON_KIND && len == 8)
flag = NFT_EXTHDR_F_PRESENT;
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 03/10] evaluate: Mark fall through case in str2hooknum()
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
2021-06-11 16:40 ` [nft PATCH 01/10] parser_bison: Fix for implicit declaration of isalnum Phil Sutter
2021-06-11 16:40 ` [nft PATCH 02/10] parser_json: Fix for memleak in tcp option error path Phil Sutter
@ 2021-06-11 16:40 ` Phil Sutter
2021-06-11 16:40 ` [nft PATCH 04/10] json: Drop pointless assignment in exthdr_expr_json() Phil Sutter
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:40 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
It is certainly intentional, so just mark it as such.
Fixes: b4775dec9f80b ("src: ingress inet support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/evaluate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/evaluate.c b/src/evaluate.c
index 43f1f8a3977b2..ee79f160f8ff3 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -4145,6 +4145,7 @@ static uint32_t str2hooknum(uint32_t family, const char *hook)
case NFPROTO_INET:
if (!strcmp(hook, "ingress"))
return NF_INET_INGRESS;
+ /* fall through */
case NFPROTO_IPV4:
case NFPROTO_BRIDGE:
case NFPROTO_IPV6:
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 04/10] json: Drop pointless assignment in exthdr_expr_json()
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
` (2 preceding siblings ...)
2021-06-11 16:40 ` [nft PATCH 03/10] evaluate: Mark fall through case in str2hooknum() Phil Sutter
@ 2021-06-11 16:40 ` Phil Sutter
2021-06-11 16:40 ` [nft PATCH 05/10] netlink: Avoid memleak in error path of netlink_delinearize_set() Phil Sutter
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:40 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
The updated value of 'is_exists' is no longer read at this point.
Fixes: cb21869649208 ("json: tcp: add raw tcp option match support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/json.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/json.c b/src/json.c
index f648ea1b8c178..f111ad678f8a0 100644
--- a/src/json.c
+++ b/src/json.c
@@ -708,7 +708,6 @@ json_t *exthdr_expr_json(const struct expr *expr, struct output_ctx *octx)
"base", expr->exthdr.raw_type,
"offset", expr->exthdr.offset,
"len", expr->len);
- is_exists = false;
}
return json_pack("{s:o}", "tcp option", root);
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 05/10] netlink: Avoid memleak in error path of netlink_delinearize_set()
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
` (3 preceding siblings ...)
2021-06-11 16:40 ` [nft PATCH 04/10] json: Drop pointless assignment in exthdr_expr_json() Phil Sutter
@ 2021-06-11 16:40 ` Phil Sutter
2021-06-11 16:41 ` [nft PATCH 06/10] netlink: Avoid memleak in error path of netlink_delinearize_chain() Phil Sutter
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:40 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Duplicate string 'comment' later when the function does not fail
anymore.
Fixes: 0864c2d49ee8a ("src: add comment support for set declarations")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/netlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/netlink.c b/src/netlink.c
index e91b06e3ea971..41cce3379ca50 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -867,7 +867,7 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
if (ud[NFTNL_UDATA_SET_DATA_TYPEOF])
typeof_expr_data = set_make_key(ud[NFTNL_UDATA_SET_DATA_TYPEOF]);
if (ud[NFTNL_UDATA_SET_COMMENT])
- comment = xstrdup(nftnl_udata_get(ud[NFTNL_UDATA_SET_COMMENT]));
+ comment = nftnl_udata_get(ud[NFTNL_UDATA_SET_COMMENT]);
}
key = nftnl_set_get_u32(nls, NFTNL_SET_KEY_TYPE);
@@ -905,7 +905,7 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
set->handle.set.name = xstrdup(nftnl_set_get_str(nls, NFTNL_SET_NAME));
set->automerge = automerge;
if (comment)
- set->comment = comment;
+ set->comment = xstrdup(comment);
init_list_head(&set_parse_ctx.stmt_list);
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 06/10] netlink: Avoid memleak in error path of netlink_delinearize_chain()
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
` (4 preceding siblings ...)
2021-06-11 16:40 ` [nft PATCH 05/10] netlink: Avoid memleak in error path of netlink_delinearize_set() Phil Sutter
@ 2021-06-11 16:41 ` Phil Sutter
2021-06-11 16:41 ` [nft PATCH 07/10] netlink: Avoid memleak in error path of netlink_delinearize_table() Phil Sutter
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:41 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
If parsing udata fails, 'chain' has to be freed before returning to
caller.
Fixes: 702ac2b72c0e8 ("src: add comment support for chains")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/netlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/netlink.c b/src/netlink.c
index 41cce3379ca50..1bbdf98bd2ee2 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -599,6 +599,7 @@ struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
udata = nftnl_chain_get_data(nlc, NFTNL_CHAIN_USERDATA, &ulen);
if (nftnl_udata_parse(udata, ulen, chain_parse_udata_cb, ud) < 0) {
netlink_io_error(ctx, NULL, "Cannot parse userdata");
+ chain_free(chain);
return NULL;
}
if (ud[NFTNL_UDATA_CHAIN_COMMENT])
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 07/10] netlink: Avoid memleak in error path of netlink_delinearize_table()
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
` (5 preceding siblings ...)
2021-06-11 16:41 ` [nft PATCH 06/10] netlink: Avoid memleak in error path of netlink_delinearize_chain() Phil Sutter
@ 2021-06-11 16:41 ` Phil Sutter
2021-06-11 16:41 ` [nft PATCH 08/10] netlink: Avoid memleak in error path of netlink_delinearize_obj() Phil Sutter
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:41 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
If parsing udata fails, 'table' has to be freed before returning to
caller.
Fixes: c156232a530b3 ("src: add comment support when adding tables")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/netlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/netlink.c b/src/netlink.c
index 1bbdf98bd2ee2..be98bfb7f5c12 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -647,6 +647,7 @@ struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
udata = nftnl_table_get_data(nlt, NFTNL_TABLE_USERDATA, &ulen);
if (nftnl_udata_parse(udata, ulen, table_parse_udata_cb, ud) < 0) {
netlink_io_error(ctx, NULL, "Cannot parse userdata");
+ table_free(table);
return NULL;
}
if (ud[NFTNL_UDATA_TABLE_COMMENT])
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 08/10] netlink: Avoid memleak in error path of netlink_delinearize_obj()
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
` (6 preceding siblings ...)
2021-06-11 16:41 ` [nft PATCH 07/10] netlink: Avoid memleak in error path of netlink_delinearize_table() Phil Sutter
@ 2021-06-11 16:41 ` Phil Sutter
2021-06-11 16:41 ` [nft PATCH 09/10] netlink_delinearize: Fix suspicious calloc() call Phil Sutter
2021-06-11 16:41 ` [nft PATCH 10/10] rule: Fix for potential off-by-one in cmd_add_loc() Phil Sutter
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:41 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
If parsing udata fails, 'obj' has to be freed before returning to
caller.
Fixes: 293c9b114faef ("src: add comment support for objects")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/netlink.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/netlink.c b/src/netlink.c
index be98bfb7f5c12..f2c1a4a15dee8 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1450,6 +1450,7 @@ struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
udata = nftnl_obj_get_data(nlo, NFTNL_OBJ_USERDATA, &ulen);
if (nftnl_udata_parse(udata, ulen, obj_parse_udata_cb, ud) < 0) {
netlink_io_error(ctx, NULL, "Cannot parse userdata");
+ obj_free(obj);
return NULL;
}
if (ud[NFTNL_UDATA_OBJ_COMMENT])
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 09/10] netlink_delinearize: Fix suspicious calloc() call
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
` (7 preceding siblings ...)
2021-06-11 16:41 ` [nft PATCH 08/10] netlink: Avoid memleak in error path of netlink_delinearize_obj() Phil Sutter
@ 2021-06-11 16:41 ` Phil Sutter
2021-06-11 16:41 ` [nft PATCH 10/10] rule: Fix for potential off-by-one in cmd_add_loc() Phil Sutter
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:41 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Parameter passed to sizeof() was wrong. While being at it, replace the
whole call with xmalloc_array() which takes care of error checking.
Fixes: 913979f882d13 ("src: add expression handler hashtable")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/netlink_delinearize.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index a71d06d7fe12f..9a1cf3c4f7d90 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1733,9 +1733,8 @@ void expr_handler_init(void)
unsigned int i;
uint32_t hash;
- expr_handle_ht = calloc(NFT_EXPR_HSIZE, sizeof(expr_handle_ht));
- if (!expr_handle_ht)
- memory_allocation_error();
+ expr_handle_ht = xmalloc_array(NFT_EXPR_HSIZE,
+ sizeof(expr_handle_ht[0]));
for (i = 0; i < array_size(netlink_parsers); i++) {
hash = djb_hash(netlink_parsers[i].name) % NFT_EXPR_HSIZE;
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [nft PATCH 10/10] rule: Fix for potential off-by-one in cmd_add_loc()
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
` (8 preceding siblings ...)
2021-06-11 16:41 ` [nft PATCH 09/10] netlink_delinearize: Fix suspicious calloc() call Phil Sutter
@ 2021-06-11 16:41 ` Phil Sutter
9 siblings, 0 replies; 11+ messages in thread
From: Phil Sutter @ 2021-06-11 16:41 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Using num_attrs as index means it must be at max one less than the
array's size at function start.
Fixes: 27362a5bfa433 ("rule: larger number of error locations")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/rule.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rule.c b/src/rule.c
index dbbe744eee0d8..92daf2f33b76b 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1275,7 +1275,7 @@ struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj,
void cmd_add_loc(struct cmd *cmd, uint16_t offset, const struct location *loc)
{
- if (cmd->num_attrs > NFT_NLATTR_LOC_MAX)
+ if (cmd->num_attrs >= NFT_NLATTR_LOC_MAX)
return;
cmd->attr[cmd->num_attrs].offset = offset;
--
2.31.1
^ permalink raw reply related [flat|nested] 11+ messages in thread
end of thread, other threads:[~2021-06-11 16:41 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-11 16:40 [nft PATCH 00/10] Some covscan fixes Phil Sutter
2021-06-11 16:40 ` [nft PATCH 01/10] parser_bison: Fix for implicit declaration of isalnum Phil Sutter
2021-06-11 16:40 ` [nft PATCH 02/10] parser_json: Fix for memleak in tcp option error path Phil Sutter
2021-06-11 16:40 ` [nft PATCH 03/10] evaluate: Mark fall through case in str2hooknum() Phil Sutter
2021-06-11 16:40 ` [nft PATCH 04/10] json: Drop pointless assignment in exthdr_expr_json() Phil Sutter
2021-06-11 16:40 ` [nft PATCH 05/10] netlink: Avoid memleak in error path of netlink_delinearize_set() Phil Sutter
2021-06-11 16:41 ` [nft PATCH 06/10] netlink: Avoid memleak in error path of netlink_delinearize_chain() Phil Sutter
2021-06-11 16:41 ` [nft PATCH 07/10] netlink: Avoid memleak in error path of netlink_delinearize_table() Phil Sutter
2021-06-11 16:41 ` [nft PATCH 08/10] netlink: Avoid memleak in error path of netlink_delinearize_obj() Phil Sutter
2021-06-11 16:41 ` [nft PATCH 09/10] netlink_delinearize: Fix suspicious calloc() call Phil Sutter
2021-06-11 16:41 ` [nft PATCH 10/10] rule: Fix for potential off-by-one in cmd_add_loc() Phil Sutter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.