[Swan-dev] [PATCH libreswan] netlink: Silence negative shift coverity false warning
Aviv Heller
aviv at avivh.com
Mon Sep 4 13:38:25 UTC 2017
On 8/31/2017 11:36 PM, Antony Antony wrote:
> Hi Aviv,
>
> thanks for trying to fix the issue. However, this patch introduces more
> problems.
>
> netlink_esp_hw_offload = UINT_MAX or UINT_MAX-1
> netlink_esp_hw_offload + 32 would overflow.
>
> ** CID 1455227: (INTEGER_OVERFLOW)
> /programs/pluto/kernel_netlink.c: 932 in netlink_detect_offload()
> /programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload()
> /programs/pluto/kernel_netlink.c: 924 in netlink_detect_offload()

Hi Antony,

Thanks for testing the patch.

> 920 if (netlink_esp_hw_offload == NIC_OFFLOAD_UNSUPPORTED)
> 921 return ret;
> 922
> 923 /* Feature is supported by kernel. Query device features */
>>>> CID 1455227: (INTEGER_OVERFLOW)
>>>> Add operation overflows on operands "netlink_esp_hw_offload" and "31U".
> 924 blocks = (netlink_esp_hw_offload + 31) / 32;
> 925 feature_bit = 1 << (netlink_esp_hw_offload % 31);

Coverity doesn't recognize that this flow can't be reached if
(netlink_esp_hw_offload == NIC_OFFLOAD_UNKNOWN) ||
(netlink_esp_hw_offload == NIC_OFFLOAD_UNSUPPORTED).

Another way to silence the original warning is to cast
netlink_esp_hw_offload to unsigned prior to shifting.

Sending v2 in a few minutes.

Thanks,
Aviv
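
Added example, not part of the original message or libreswan's code: a small C program showing the wraparound Coverity reports when a sentinel value reaches `(x + 31) / 32`, next to a guarded helper that shifts an unsigned 1. The helper name `feature_location`, the mapping of sentinel names to UINT_MAX / UINT_MAX-1 and the `% 32` bit position are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sentinel values: the thread only says the variable may hold
 * UINT_MAX or UINT_MAX-1; which name maps to which is a guess. */
#define NIC_OFFLOAD_UNKNOWN     (UINT_MAX)
#define NIC_OFFLOAD_UNSUPPORTED (UINT_MAX - 1)

/* The flagged expression with no guard: unsigned addition wraps modulo
 * UINT_MAX+1, so a sentinel silently yields a block count of 0. */
static unsigned int blocks_unguarded(unsigned int bit)
{
	return (bit + 31) / 32;
}

/* Hypothetical helper: reject sentinels and any value that would wrap,
 * then shift an unsigned 1 so that bit 31 is well defined. */
static bool feature_location(unsigned int bit, unsigned int *blocks,
			     uint32_t *mask)
{
	if (bit == NIC_OFFLOAD_UNKNOWN || bit == NIC_OFFLOAD_UNSUPPORTED)
		return false;
	if (bit > UINT_MAX - 31)	/* explicit bound an analyzer can follow */
		return false;
	*blocks = (bit + 31) / 32;	/* same expression as line 924 */
	/* Assumption: % 32 selects the bit inside a 32-bit word. */
	*mask = UINT32_C(1) << (bit % 32);
	return true;
}

int main(void)
{
	unsigned int blocks;
	uint32_t mask;

	printf("unguarded sentinel -> %u blocks\n",
	       blocks_unguarded(NIC_OFFLOAD_UNKNOWN));
	if (feature_location(31, &blocks, &mask))
		printf("bit 31 -> blocks=%u mask=0x%08x\n", blocks, (unsigned)mask);
	if (!feature_location(NIC_OFFLOAD_UNSUPPORTED, &blocks, &mask))
		printf("sentinel rejected\n");
	return 0;
}
```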