author | Stefano Brivio <sbrivio@redhat.com> | 2022-04-05 11:51:47 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-04-07 11:44:35 +0200 |
commit | eb3d3f367ea09b89d54f177ded1e874611d1020f (patch) | |
tree | 31fea867bba5f73506352c8a1188fa1309669cd2 | |
parent | bb76470090dc21540e70c3417fe0227c5a62cce2 (diff) | |
treewide: Argument cannot be negative, CWE-687
Actually harmless. Reported by Coverity.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | pasta.c | 25 | ||||
-rw-r--r-- | qrap.c | 10 | ||||
-rw-r--r-- | tap.c | 5 | ||||
-rw-r--r-- | util.h | 12 |
4 files changed, 30 insertions, 22 deletions
@@ -120,33 +120,24 @@ static int pasta_setup_ns(void *arg)
 {
 struct pasta_setup_ns_arg *a = (struct pasta_setup_ns_arg *)arg;
 char *shell;
- int fd;
 if (!a->c->netns_only) {
 char buf[BUFSIZ];
 snprintf(buf, BUFSIZ, "%i %i %i", 0, a->euid, 1);
- fd = open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC);
- if (write(fd, buf, strlen(buf)) < 0)
- warn("Cannot set uid_map in namespace");
- close(fd);
+ FWRITE("/proc/self/uid_map", buf,
+ "Cannot set uid_map in namespace");
- fd = open("/proc/self/setgroups", O_WRONLY | O_CLOEXEC);
- if (write(fd, "deny", sizeof("deny")) < 0)
- warn("Cannot write to setgroups in namespace");
- close(fd);
+ FWRITE("/proc/self/setgroups", "deny",
+ "Cannot write to setgroups in namespace");
- fd = open("/proc/self/gid_map", O_WRONLY | O_CLOEXEC);
- if (write(fd, buf, strlen(buf)) < 0)
- warn("Cannot set gid_map in namespace");
- close(fd);
+ FWRITE("/proc/self/gid_map", buf,
+ "Cannot set gid_map in namespace");
 }
- fd = open("/proc/sys/net/ipv4/ping_group_range", O_WRONLY | O_CLOEXEC);
- if (write(fd, "0 0", strlen("0 0")) < 0)
- warn("Cannot set ping_group_range, ICMP requests might fail");
- close(fd);
+ FWRITE("/proc/sys/net/ipv4/ping_group_range", "0 0",
+ "Cannot set ping_group_range, ICMP requests might fail");
 shell = getenv("SHELL") ? getenv("SHELL") : "/bin/sh";
 if (strstr(shell, "/bash"))
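Review bot: The three writes that build the user-namespace mapping (`/proc/self/uid_map`, `setgroups`, `gid_map`) still only `warn()` on failure, and the function appears to go on to pick and start the shell, so a failed mapping is not visible to the caller. If continuing is intended, a comment above the block would make that explicit, e.g. `/* Best effort: on failure we carry on without the intended uid/gid mapping */`; otherwise the three mapping writes could make the function return an error. The ordering is also worth a one-line comment, `/* setgroups must be "deny" before an unprivileged gid_map write is accepted, see user_namespaces(7) */`, so that a later reordering does not break it silently. pasta_setup_ns continues past the end of the hunk, so what happens after the `strstr()` check is not visible here.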
@@ -234,16 +234,16 @@ int main(int argc, char **argv)
 valid_args:
 for (i = 1; i < UNIX_SOCK_MAX; i++) {
 s = socket(AF_UNIX, SOCK_STREAM, 0);
- if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)))
- perror("setsockopt SO_RCVTIMEO");
- if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)))
- perror("setsockopt SO_SNDTIMEO");
-
 if (s < 0) {
 perror("socket");
 exit(EXIT_FAILURE);
 }
+ if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)))
+ perror("setsockopt SO_RCVTIMEO");
+ if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)))
+ perror("setsockopt SO_SNDTIMEO");
+
 snprintf(addr.sun_path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
 if (connect(s, (const struct sockaddr *)&addr, sizeof(addr)))
 perror("connect");
@@ -803,6 +803,11 @@ static void tap_sock_unix_init(struct ctx *c)
 snprintf(path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
 ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
+ if (ex < 0) {
+ perror("UNIX domain socket check");
+ exit(EXIT_FAILURE);
+ }
+
 ret = connect(ex, (const struct sockaddr *)&addr, sizeof(addr));
 if (!ret || (errno != ENOENT && errno != ECONNREFUSED)) {
 if (*c->sock_path) {
@@ -58,6 +58,18 @@ void trace_init(int enable);
 #define TMPDIR "/tmp"
 #endif
+#define FWRITE(path, buf, str) \
+ do { \
+ int flags = O_WRONLY | O_CLOEXEC; \
+ int fd = open(path, flags); \
+ \
+ if (fd < 0 || \
+ write(fd, buf, strlen(buf)) != (int)strlen(buf)) \
+ warn(str); \
+ if (fd >= 0) \
+ close(fd); \
+ } while (0)
+
 #define V4 0
 #define V6 1
 #define IP_VERSIONS 2 |
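Review bot: In the FWRITE macro added by the last hunk (util.h, going by the diffstat), `buf` is expanded three times and no argument is parenthesised, and the macro's own locals `fd` and `flags` would capture a caller expression that happens to use those names. The `write()` result is a `ssize_t` compared against `(int)strlen(buf)`; writing the comparison as `!= (ssize_t)strlen(buf)` avoids the narrowing cast. Every call site visible on this page passes a string and a literal message, so a `static inline` function taking `const char *` arguments would behave the same with type checking; if the macro stays, a comment such as `/* buf: NUL-terminated string, evaluated more than once, must have no side effects */` documents the constraint. The single warning also does not say whether `open()` or `write()` failed, nor the errno, which makes a denied write to a /proc file harder to diagnose.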