linux-user: Check sscanf return value in open_net_route()

Message ID	20190205174207.9278-1-peter.maydell@linaro.org
State	Superseded
Headers	show Delivered-To: patches@linaro.org Received-SPF: pass (google.com: domain of peter.maydell@linaro.org designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; From: Peter Maydell <peter.maydell@linaro.org> To: qemu-devel@nongnu.org Cc: patches@linaro.org, Laurent Vivier <laurent@vivier.eu>, Riku Voipio <riku.voipio@iki.fi> Subject: [PATCH] linux-user: Check sscanf return value in open_net_route() Date: Tue, 5 Feb 2019 17:42:07 +0000 Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	linux-user: Check sscanf return value in open_net_route() \| expand linux-user: Check sscanf return value in open_net_route()

Message ID

20190205174207.9278-1-peter.maydell@linaro.org

State

Superseded

Headers

Received-SPF: pass (google.com: domain of peter.maydell@linaro.org
	designates 209.85.220.65 as permitted sender)
	client-ip=209.85.220.65; 
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, Laurent Vivier <laurent@vivier.eu>,
	Riku Voipio <riku.voipio@iki.fi>
Subject: [PATCH] linux-user: Check sscanf return value in open_net_route()
Date: Tue,  5 Feb 2019 17:42:07 +0000
Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

linux-user: Check sscanf return value in open_net_route() | expand

Commit Message

Peter Maydell Feb. 5, 2019, 5:42 p.m. UTC

Coverity warns (CID 1390634) that open_net_route() is not
checking the return value from sscanf(), which means that
it might then use values that aren't initialized.

Errors here should in general not happen since we're passing
an assumed-good /proc/net/route from the host kernel, but
if we do fail to parse a line then just skip it in the output
we pass to the guest.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

---
 linux-user/syscall.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

-- 
2.20.1

Comments

Philippe Mathieu-Daudé Feb. 5, 2019, 8:26 p.m. UTC | #1

On 2/5/19 6:42 PM, Peter Maydell wrote:
> Coverity warns (CID 1390634) that open_net_route() is not

> checking the return value from sscanf(), which means that

> it might then use values that aren't initialized.

> 

> Errors here should in general not happen since we're passing

> an assumed-good /proc/net/route from the host kernel, but

> if we do fail to parse a line then just skip it in the output

> we pass to the guest.

> 

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>


> ---

>  linux-user/syscall.c | 12 +++++++++---

>  1 file changed, 9 insertions(+), 3 deletions(-)

> 

> diff --git a/linux-user/syscall.c b/linux-user/syscall.c

> index b5786d4fc1f..894678aa8b4 100644

> --- a/linux-user/syscall.c

> +++ b/linux-user/syscall.c

> @@ -6762,9 +6762,15 @@ static int open_net_route(void *cpu_env, int fd)

>          char iface[16];

>          uint32_t dest, gw, mask;

>          unsigned int flags, refcnt, use, metric, mtu, window, irtt;

> -        sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

> -                     iface, &dest, &gw, &flags, &refcnt, &use, &metric,

> -                     &mask, &mtu, &window, &irtt);

> +        int fields;

> +

> +        fields = sscanf(line,

> +                        "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

> +                        iface, &dest, &gw, &flags, &refcnt, &use, &metric,

> +                        &mask, &mtu, &window, &irtt);

> +        if (fields != 11) {

> +            continue;

> +        }

>          dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

>                  iface, tswap32(dest), tswap32(gw), flags, refcnt, use,

>                  metric, tswap32(mask), mtu, window, irtt);

>

Stefano Garzarella Feb. 6, 2019, 9:33 a.m. UTC | #2

On Tue, Feb 05, 2019 at 05:42:07PM +0000, Peter Maydell wrote:
> Coverity warns (CID 1390634) that open_net_route() is not

> checking the return value from sscanf(), which means that

> it might then use values that aren't initialized.

> 

> Errors here should in general not happen since we're passing

> an assumed-good /proc/net/route from the host kernel, but

> if we do fail to parse a line then just skip it in the output

> we pass to the guest.

> 

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

> ---

>  linux-user/syscall.c | 12 +++++++++---

>  1 file changed, 9 insertions(+), 3 deletions(-)


Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>


Thanks,
Stefano

Laurent Vivier Feb. 6, 2019, 9:56 a.m. UTC | #3

On 05/02/2019 18:42, Peter Maydell wrote:
> Coverity warns (CID 1390634) that open_net_route() is not

> checking the return value from sscanf(), which means that

> it might then use values that aren't initialized.

> 

> Errors here should in general not happen since we're passing

> an assumed-good /proc/net/route from the host kernel, but

> if we do fail to parse a line then just skip it in the output

> we pass to the guest.

> 

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

> ---

>  linux-user/syscall.c | 12 +++++++++---

>  1 file changed, 9 insertions(+), 3 deletions(-)

> 

> diff --git a/linux-user/syscall.c b/linux-user/syscall.c

> index b5786d4fc1f..894678aa8b4 100644

> --- a/linux-user/syscall.c

> +++ b/linux-user/syscall.c

> @@ -6762,9 +6762,15 @@ static int open_net_route(void *cpu_env, int fd)

>          char iface[16];

>          uint32_t dest, gw, mask;

>          unsigned int flags, refcnt, use, metric, mtu, window, irtt;

> -        sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

> -                     iface, &dest, &gw, &flags, &refcnt, &use, &metric,

> -                     &mask, &mtu, &window, &irtt);

> +        int fields;

> +

> +        fields = sscanf(line,

> +                        "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

> +                        iface, &dest, &gw, &flags, &refcnt, &use, &metric,

> +                        &mask, &mtu, &window, &irtt);

> +        if (fields != 11) {

> +            continue;

> +        }

>          dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

>                  iface, tswap32(dest), tswap32(gw), flags, refcnt, use,

>                  metric, tswap32(mask), mtu, window, irtt);

> 


Reviewed-by: Laurent Vivier <laurent@vivier.eu>

Laurent Vivier Feb. 6, 2019, 10:07 a.m. UTC | #4

On 05/02/2019 18:42, Peter Maydell wrote:
> Coverity warns (CID 1390634) that open_net_route() is not

> checking the return value from sscanf(), which means that

> it might then use values that aren't initialized.

> 

> Errors here should in general not happen since we're passing

> an assumed-good /proc/net/route from the host kernel, but

> if we do fail to parse a line then just skip it in the output

> we pass to the guest.

> 

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

> ---

>  linux-user/syscall.c | 12 +++++++++---

>  1 file changed, 9 insertions(+), 3 deletions(-)

> 

> diff --git a/linux-user/syscall.c b/linux-user/syscall.c

> index b5786d4fc1f..894678aa8b4 100644

> --- a/linux-user/syscall.c

> +++ b/linux-user/syscall.c

> @@ -6762,9 +6762,15 @@ static int open_net_route(void *cpu_env, int fd)

>          char iface[16];

>          uint32_t dest, gw, mask;

>          unsigned int flags, refcnt, use, metric, mtu, window, irtt;

> -        sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

> -                     iface, &dest, &gw, &flags, &refcnt, &use, &metric,

> -                     &mask, &mtu, &window, &irtt);

> +        int fields;

> +

> +        fields = sscanf(line,

> +                        "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

> +                        iface, &dest, &gw, &flags, &refcnt, &use, &metric,

> +                        &mask, &mtu, &window, &irtt);

> +        if (fields != 11) {

> +            continue;

> +        }

>          dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",

>                  iface, tswap32(dest), tswap32(gw), flags, refcnt, use,

>                  metric, tswap32(mask), mtu, window, irtt);

> 



Applied to my linux-user branch.

Thanks,
Laurent

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b5786d4fc1f..894678aa8b4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6762,9 +6762,15 @@  static int open_net_route(void *cpu_env, int fd)
         char iface[16];
         uint32_t dest, gw, mask;
         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
-        sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
-                     iface, &dest, &gw, &flags, &refcnt, &use, &metric,
-                     &mask, &mtu, &window, &irtt);
+        int fields;
+
+        fields = sscanf(line,
+                        "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
+                        iface, &dest, &gw, &flags, &refcnt, &use, &metric,
+                        &mask, &mtu, &window, &irtt);
+        if (fields != 11) {
+            continue;
+        }
         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
                 metric, tswap32(mask), mtu, window, irtt);

linux-user: Check sscanf return value in open_net_route()

Commit Message

Comments

Patch