Message ID | 20190205174207.9278-1-peter.maydell@linaro.org |
---|---|
State | Superseded |
Series | linux-user: Check sscanf return value in open_net_route() |
On 2/5/19 6:42 PM, Peter Maydell wrote: > Coverity warns (CID 1390634) that open_net_route() is not > checking the return value from sscanf(), which means that > it might then use values that aren't initialized. > > Errors here should in general not happen since we're passing > an assumed-good /proc/net/route from the host kernel, but > if we do fail to parse a line then just skip it in the output > we pass to the guest. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- > linux-user/syscall.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index b5786d4fc1f..894678aa8b4 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -6762,9 +6762,15 @@ static int open_net_route(void *cpu_env, int fd) > char iface[16]; > uint32_t dest, gw, mask; > unsigned int flags, refcnt, use, metric, mtu, window, irtt; > - sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > - iface, &dest, &gw, &flags, &refcnt, &use, &metric, > - &mask, &mtu, &window, &irtt); > + int fields; > + > + fields = sscanf(line, > + "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > + iface, &dest, &gw, &flags, &refcnt, &use, &metric, > + &mask, &mtu, &window, &irtt); > + if (fields != 11) { > + continue; > + } > dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > iface, tswap32(dest), tswap32(gw), flags, refcnt, use, > metric, tswap32(mask), mtu, window, irtt); >

On Tue, Feb 05, 2019 at 05:42:07PM +0000, Peter Maydell wrote:
> Coverity warns (CID 1390634) that open_net_route() is not
> checking the return value from sscanf(), which means that
> it might then use values that aren't initialized.
>
> Errors here should in general not happen since we're passing
> an assumed-good /proc/net/route from the host kernel, but
> if we do fail to parse a line then just skip it in the output
> we pass to the guest.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  linux-user/syscall.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)

Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>

Thanks,
Stefano

On 05/02/2019 18:42, Peter Maydell wrote: > Coverity warns (CID 1390634) that open_net_route() is not > checking the return value from sscanf(), which means that > it might then use values that aren't initialized. > > Errors here should in general not happen since we're passing > an assumed-good /proc/net/route from the host kernel, but > if we do fail to parse a line then just skip it in the output > we pass to the guest. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > linux-user/syscall.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index b5786d4fc1f..894678aa8b4 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -6762,9 +6762,15 @@ static int open_net_route(void *cpu_env, int fd) > char iface[16]; > uint32_t dest, gw, mask; > unsigned int flags, refcnt, use, metric, mtu, window, irtt; > - sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > - iface, &dest, &gw, &flags, &refcnt, &use, &metric, > - &mask, &mtu, &window, &irtt); > + int fields; > + > + fields = sscanf(line, > + "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > + iface, &dest, &gw, &flags, &refcnt, &use, &metric, > + &mask, &mtu, &window, &irtt); > + if (fields != 11) { > + continue; > + } > dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > iface, tswap32(dest), tswap32(gw), flags, refcnt, use, > metric, tswap32(mask), mtu, window, irtt); > Reviewed-by: Laurent Vivier <laurent@vivier.eu>
On 05/02/2019 18:42, Peter Maydell wrote: > Coverity warns (CID 1390634) that open_net_route() is not > checking the return value from sscanf(), which means that > it might then use values that aren't initialized. > > Errors here should in general not happen since we're passing > an assumed-good /proc/net/route from the host kernel, but > if we do fail to parse a line then just skip it in the output > we pass to the guest. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > linux-user/syscall.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index b5786d4fc1f..894678aa8b4 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -6762,9 +6762,15 @@ static int open_net_route(void *cpu_env, int fd) > char iface[16]; > uint32_t dest, gw, mask; > unsigned int flags, refcnt, use, metric, mtu, window, irtt; > - sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > - iface, &dest, &gw, &flags, &refcnt, &use, &metric, > - &mask, &mtu, &window, &irtt); > + int fields; > + > + fields = sscanf(line, > + "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > + iface, &dest, &gw, &flags, &refcnt, &use, &metric, > + &mask, &mtu, &window, &irtt); > + if (fields != 11) { > + continue; > + } > dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", > iface, tswap32(dest), tswap32(gw), flags, refcnt, use, > metric, tswap32(mask), mtu, window, irtt); > Applied to my linux-user branch. Thanks, Laurent
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index b5786d4fc1f..894678aa8b4 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -6762,9 +6762,15 @@ static int open_net_route(void *cpu_env, int fd) char iface[16]; uint32_t dest, gw, mask; unsigned int flags, refcnt, use, metric, mtu, window, irtt; - sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", - iface, &dest, &gw, &flags, &refcnt, &use, &metric, - &mask, &mtu, &window, &irtt); + int fields; + + fields = sscanf(line, + "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", + iface, &dest, &gw, &flags, &refcnt, &use, &metric, + &mask, &mtu, &window, &irtt); + if (fields != 11) { + continue; + } dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n", iface, tswap32(dest), tswap32(gw), flags, refcnt, use, metric, tswap32(mask), mtu, window, irtt);
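
Review bot: The `%s` conversion in the new sscanf() call still has no field width while its destination is `char iface[16]`, so the added `fields != 11` check rejects a short parse but does nothing about an over-long first field, which would be written past the end of the buffer before the count is ever examined. Since the point of the change is to stop assuming every line parses cleanly, bound the conversion as `%15s` in the same edit. A smaller point in the same format string: `refcnt`, `use`, `metric` and `mtu` are declared `unsigned int` but are read and printed with `%d`; `%u` would match the declared types. The silent `continue` on a bad line matches the commit message, but a short comment at the check saying the line is deliberately dropped from the guest's view would help the next reader.
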

Coverity warns (CID 1390634) that open_net_route() is not
checking the return value from sscanf(), which means that
it might then use values that aren't initialized.

Errors here should in general not happen since we're passing
an assumed-good /proc/net/route from the host kernel, but
if we do fail to parse a line then just skip it in the output
we pass to the guest.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 linux-user/syscall.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

--
2.20.1