diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2022-09-19 22:04:16 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2022-09-22 16:54:01 +0200 |
| commit | d30bde3181a3d3aac406a15fd6c905612c8e416c (patch) | |
| tree | 889edef91b3cbb5fa0ae63f0d38380a2a6255d40 | |
| parent | a39398e840cfc7b8608cab10e30efeab3188db2e (diff) | |
| download | passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.gz passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.bz2 passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.lz passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.xz passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.zst passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.zip | |
tap: Check return value of accept4() before calling getsockopt()
Reported by Coverity (CWE-119):
Negative value used as argument to a function expecting a
positive value (for example, size of buffer or allocation)
and harmless, because getsockopt() would return -EBADF if the
socket is -1, so we wouldn't print anything.
Check if accept4() returns a valid socket before calling getsockopt()
on it.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
| -rw-r--r-- | tap.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -872,11 +872,13 @@ static void tap_sock_unix_new(struct ctx *c) int discard = accept4(c->fd_tap_listen, NULL, NULL, SOCK_NONBLOCK); + if (discard == -1) + return; + if (!getsockopt(discard, SOL_SOCKET, SO_PEERCRED, &ucred, &len)) info("discarding connection from PID %i", ucred.pid); - if (discard != -1) - close(discard); + close(discard); return; } |