aboutgitcodebugslistschat
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2022-09-19 22:04:16 +0200
committerStefano Brivio <sbrivio@redhat.com>2022-09-22 16:54:01 +0200
commitd30bde3181a3d3aac406a15fd6c905612c8e416c (patch)
tree889edef91b3cbb5fa0ae63f0d38380a2a6255d40
parenta39398e840cfc7b8608cab10e30efeab3188db2e (diff)
downloadpasst-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar
passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.gz
passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.bz2
passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.lz
passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.xz
passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.tar.zst
passt-d30bde3181a3d3aac406a15fd6c905612c8e416c.zip
tap: Check return value of accept4() before calling getsockopt()
Reported by Coverity (CWE-119): Negative value used as argument to a function expecting a positive value (for example, size of buffer or allocation) and harmless, because getsockopt() would return -EBADF if the socket is -1, so we wouldn't print anything. Check if accept4() returns a valid socket before calling getsockopt() on it. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r--tap.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/tap.c b/tap.c
index 3231da7..4d7422f 100644
--- a/tap.c
+++ b/tap.c
@@ -872,11 +872,13 @@ static void tap_sock_unix_new(struct ctx *c)
int discard = accept4(c->fd_tap_listen, NULL, NULL,
SOCK_NONBLOCK);
+ if (discard == -1)
+ return;
+
if (!getsockopt(discard, SOL_SOCKET, SO_PEERCRED, &ucred, &len))
info("discarding connection from PID %i", ucred.pid);
- if (discard != -1)
- close(discard);
+ close(discard);
return;
}