[Swan-dev] [PATCH libreswan] netlink: Silence negative shift coverity false warning
Antony Antony
antony at phenome.org
Thu Aug 31 20:36:39 UTC 2017
Hi Aviv,
thanks for trying to fix the issue. However, this patch introduces more
problems.
netlink_esp_hw_offload = UINT_MAX or UINT_MAX-1
netlink_esp_hw_offload + 32 would overflow.
** CID 1455227: (INTEGER_OVERFLOW)
/programs/pluto/kernel_netlink.c: 932 in netlink_detect_offload()
/programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload()
/programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload()
________________________________________________________________________________________________________
*** CID 1455227: (INTEGER_OVERFLOW)
/programs/pluto/kernel_netlink.c: 932 in netlink_detect_offload()
926
927 cmd = alloc_bytes(sizeof(*cmd) + sizeof(cmd->features[0]) * blocks, "ethtool_gfeatures");
928 jam_str(ifr.ifr_name, sizeof(ifr.ifr_name), ifname);
929 ifr.ifr_data = (void *)cmd;
930 cmd->cmd = ETHTOOL_GFEATURES;
931 cmd->size = blocks;
>>> CID 1455227: (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "blocks - 1" used as array index.
932 if ((ioctl(netlinkfd, SIOCETHTOOL, &ifr) == 0) &&
933 (cmd->features[blocks-1].active & feature_bit))
934 ret = IFNO_SUPPORTED;
935
936 pfree(cmd);
937
/programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload()
918 netlink_find_offload_feature(ifname);
919
920 if (netlink_esp_hw_offload == NIC_OFFLOAD_UNSUPPORTED)
921 return ret;
922
923 /* Feature is supported by kernel. Query device features */
>>> CID 1455227: (INTEGER_OVERFLOW)
>>> Add operation overflows on operands "netlink_esp_hw_offload" and "31U".
924 blocks = (netlink_esp_hw_offload + 31) / 32;
925 feature_bit = 1 << (netlink_esp_hw_offload % 31);
926
927 cmd = alloc_bytes(sizeof(*cmd) + sizeof(cmd->features[0]) * blocks, "ethtool_gfeatures");
928 jam_str(ifr.ifr_name, sizeof(ifr.ifr_name), ifname);
929 ifr.ifr_data = (void *)cmd;
/programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload()
918 netlink_find_offload_feature(ifname);
919
920 if (netlink_esp_hw_offload == NIC_OFFLOAD_UNSUPPORTED)
921 return ret;
922
923 /* Feature is supported by kernel. Query device features */
>>> CID 1455227: (INTEGER_OVERFLOW)
>>> Add operation overflows on operands "netlink_esp_hw_offload" and "31U".
924 blocks = (netlink_esp_hw_offload + 31) / 32;
925 feature_bit = 1 << (netlink_esp_hw_offload % 31);
926
927 cmd = alloc_bytes(sizeof(*cmd) + sizeof(cmd->features[0]) * blocks, "ethtool_gfeatures");
928 jam_str(ifr.ifr_name, sizeof(ifr.ifr_name), ifname);
929 ifr.ifr_data = (void *)cmd;
On Thu, Aug 31, 2017 at 06:24:07PM +0300, avivh at mellanox.com wrote:
> From: Aviv Heller <avivh at mellanox.com>
>
> Use an unsigned type instead.
>
> Signed-off-by: Aviv Heller <avivh at mellanox.com>
> ---
> programs/pluto/kernel_netlink.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/programs/pluto/kernel_netlink.c b/programs/pluto/kernel_netlink.c
> index b12d19b..c8f7bfd 100644
> --- a/programs/pluto/kernel_netlink.c
> +++ b/programs/pluto/kernel_netlink.c
> @@ -96,14 +96,14 @@
> /* Minimum priority number in SPD used by pluto. */
> #define MIN_SPD_PRIORITY 1024
>
> -#define NIC_OFFLOAD_UNKNOWN (-2)
> -#define NIC_OFFLOAD_UNSUPPORTED (-1)
> +#define NIC_OFFLOAD_UNKNOWN (UINT_MAX)
> +#define NIC_OFFLOAD_UNSUPPORTED (UINT_MAX - 1)
>
> static int netlinkfd = NULL_FD;
> static int netlink_bcast_fd = NULL_FD;
>
> #ifdef USE_NIC_OFFLOAD
> -static int netlink_esp_hw_offload = NIC_OFFLOAD_UNKNOWN;
> +static unsigned int netlink_esp_hw_offload = NIC_OFFLOAD_UNKNOWN;
> #endif
>
> #define NE(x) { x, #x } /* Name Entry -- shorthand for sparse_names */
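Review bot: The two redefined `NIC_OFFLOAD_*` sentinels now share the unsigned value space with a real ethtool feature bit index, and nothing at the `#define`s records that they must never be used as one. A comment above them would state the contract, for example `/* sentinels, never valid feature bit indices; test for both before using netlink_esp_hw_offload as an index */`. In the quoted Coverity excerpt the guard at line 920 compares only against `NIC_OFFLOAD_UNSUPPORTED`, so it is worth confirming that `netlink_find_offload_feature()` can never leave the variable at `NIC_OFFLOAD_UNKNOWN`; that function is not visible here. `UINT_MAX` comes from `<limits.h>`, and the include list lies outside this hunk, so check that the header is pulled in.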
> --
> 1.8.3.1
>
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev