diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2023-11-07 12:04:33 +0100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2023-11-07 12:24:27 +0100 |
| commit | 9494a51a4e079f4aead3e07a6bdf1c43b4516133 (patch) | |
| tree | 1b7d57686372911ad0c6dbcc60cde7ef5085d128 | |
| parent | b94462296937f59e3750e1c35b80b69a67a535af (diff) | |
| download | passt-9494a51a4e079f4aead3e07a6bdf1c43b4516133.tar passt-9494a51a4e079f4aead3e07a6bdf1c43b4516133.tar.gz passt-9494a51a4e079f4aead3e07a6bdf1c43b4516133.tar.bz2 passt-9494a51a4e079f4aead3e07a6bdf1c43b4516133.tar.lz passt-9494a51a4e079f4aead3e07a6bdf1c43b4516133.tar.xz passt-9494a51a4e079f4aead3e07a6bdf1c43b4516133.tar.zst passt-9494a51a4e079f4aead3e07a6bdf1c43b4516133.zip | |
port_fwd: Don't try to read bound ports from invalid file handles
This is a minimal fix for what would be reported by Coverity as
"Improper use of negative value" (CWE-394): port_fwd_init() doesn't
guarantee that all the pre-opened file handles are actually valid.
We should probably warn on failing open() and open_in_ns() in
port_fwd_init(), too, but that's outside the scope of this minimal
fix.
Before commit 5a0485425bc9 ("port_fwd: Pre-open /proc/net/* files
rather than on-demand"), we used to have a single open() call and
a check after it.
Fixes: 5a0485425bc9 ("port_fwd: Pre-open /proc/net/* files rather than on-demand")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| -rw-r--r-- | port_fwd.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -45,6 +45,9 @@ static void procfs_scan_listen(int fd, unsigned int lstate, unsigned int state; char *line; + if (fd < 0) + return; + if (lseek(fd, 0, SEEK_SET)) { warn("lseek() failed on /proc/net file: %s", strerror(errno)); return; |