diff options
| author | Stephen Hemminger <stephen@networkplumber.org> | 2023-05-08 20:17:50 -0700 |
|---|---|---|
| committer | Stephen Hemminger <stephen@networkplumber.org> | 2023-05-13 19:02:41 -0700 |
| commit | c90d25e96b010c5837b5db9eaa57f5063f0c2aeb (patch) | |
| tree | 550019de652cf7959460a3d8840f6e845dfc7595 | |
| parent | 33722349feb9ac8ea77cf658f79940a42261f44d (diff) | |
| download | iproute2-c90d25e96b010c5837b5db9eaa57f5063f0c2aeb.tar.gz | |
tc/prio: handle possible truncated kernel response
Reported by -fanalyzer. If kernel did not send full qdisc
info, then uninitialized or null data could be referenced.
q_prio.c: In function ‘prio_print_opt’:
q_prio.c:105:57: warning: dereference of NULL ‘0’ [CWE-476] [-Wanalyzer-null-dereference]
105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
| ~~~~^~~~~~~
‘prio_print_opt’: event 1
|
| 98 | if (opt == NULL)
| | ^
| | |
| | (1) following ‘false’ branch (when ‘opt’ is non-NULL)...
|
‘prio_print_opt’: event 2
|
|../include/uapi/linux/rtnetlink.h:228:38:
| 228 | #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
| | ~~~~~~^~~~~~~~~~
| | |
| | (2) ...to here
../include/libnetlink.h:236:19: note: in expansion of macro ‘RTA_PAYLOAD’
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
| | ^~~~~~~~~~~
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
‘prio_print_opt’: event 3
|
|../include/libnetlink.h:236:59:
| 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \
q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’
| 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~
|
‘prio_print_opt’: events 4-5
|
| 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands);
| | ~~~~^~~~~~~
| | |
| | (4) ...to here
| | (5) dereference of NULL ‘<unknown>’
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
| -rw-r--r-- | tc/q_prio.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tc/q_prio.c b/tc/q_prio.c index c8c6477e1..a3781ffe8 100644 --- a/tc/q_prio.c +++ b/tc/q_prio.c @@ -101,6 +101,8 @@ int prio_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt) if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt, sizeof(*qopt))) return -1; + if (qopt == NULL) + return -1; /* missing data from kernel */ print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands); open_json_array(PRINT_ANY, "priomap"); |