From 9494a51a4e079f4aead3e07a6bdf1c43b4516133 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Tue, 7 Nov 2023 12:04:33 +0100 Subject: port_fwd: Don't try to read bound ports from invalid file handles This is a minimal fix for what would be reported by Coverity as "Improper use of negative value" (CWE-394): port_fwd_init() doesn't guarantee that all the pre-opened file handles are actually valid. We should probably warn on failing open() and open_in_ns() in port_fwd_init(), too, but that's outside the scope of this minimal fix. Before commit 5a0485425bc9 ("port_fwd: Pre-open /proc/net/* files rather than on-demand"), we used to have a single open() call and a check after it. Fixes: 5a0485425bc9 ("port_fwd: Pre-open /proc/net/* files rather than on-demand") Signed-off-by: Stefano Brivio --- port_fwd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/port_fwd.c b/port_fwd.c index fc4d5cb..eac8d2f 100644 --- a/port_fwd.c +++ b/port_fwd.c @@ -45,6 +45,9 @@ static void procfs_scan_listen(int fd, unsigned int lstate, unsigned int state; char *line; + if (fd < 0) + return; + if (lseek(fd, 0, SEEK_SET)) { warn("lseek() failed on /proc/net file: %s", strerror(errno)); return; -- cgit v1.2.3