Netdev List
 help / color / mirror / Atom feed
* [iproute PATCH v2 2/5] ifstat: Fix memleak in error case
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24435-1-phil@nwl.cc>

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 misc/ifstat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/misc/ifstat.c b/misc/ifstat.c
index a853ee6d7e3b3..8fa354265a9a1 100644
--- a/misc/ifstat.c
+++ b/misc/ifstat.c
@@ -143,8 +143,10 @@ static int get_nlmsg_extended(const struct sockaddr_nl *who,
 		struct rtattr *attr;
 
 		attr = parse_rtattr_one_nested(sub_type, tb[filter_type]);
-		if (attr == NULL)
+		if (attr == NULL) {
+			free(n);
 			return 0;
+		}
 		memcpy(&n->val, RTA_DATA(attr), sizeof(n->val));
 	}
 	memset(&n->rate, 0, sizeof(n->rate));
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 5/5] tipc/bearer: Fix resource leak in error path
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24435-1-phil@nwl.cc>

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 tipc/bearer.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tipc/bearer.c b/tipc/bearer.c
index 810344f672af1..c3d4491f8f6ef 100644
--- a/tipc/bearer.c
+++ b/tipc/bearer.c
@@ -163,6 +163,7 @@ static int nl_add_udp_enable_opts(struct nlmsghdr *nlh, struct opt *opts,
 	if (!remip) {
 		if (generate_multicast(loc->ai_family, buf, sizeof(buf))) {
 			fprintf(stderr, "Failed to generate multicast address\n");
+			freeaddrinfo(loc);
 			return -EINVAL;
 		}
 		remip = buf;
@@ -177,6 +178,8 @@ static int nl_add_udp_enable_opts(struct nlmsghdr *nlh, struct opt *opts,
 
 	if (rem->ai_family != loc->ai_family) {
 		fprintf(stderr, "UDP local and remote AF mismatch\n");
+		freeaddrinfo(rem);
+		freeaddrinfo(loc);
 		return -EINVAL;
 	}
 
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 1/2] ss: Don't leak fd in tcp_show_netlink_file()
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24224-1-phil@nwl.cc>

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 misc/ss.c | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/misc/ss.c b/misc/ss.c
index d767b1103ea81..07eecfa7a36db 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -2687,41 +2687,44 @@ static int tcp_show_netlink_file(struct filter *f)
 {
 	FILE	*fp;
 	char	buf[16384];
+	int	err = -1;
 
 	if ((fp = fopen(getenv("TCPDIAG_FILE"), "r")) == NULL) {
 		perror("fopen($TCPDIAG_FILE)");
-		return -1;
+		return err;
 	}
 
 	while (1) {
-		int status, err;
+		int status, err2;
 		struct nlmsghdr *h = (struct nlmsghdr *)buf;
 		struct sockstat s = {};
 
 		status = fread(buf, 1, sizeof(*h), fp);
 		if (status < 0) {
 			perror("Reading header from $TCPDIAG_FILE");
-			return -1;
+			break;
 		}
 		if (status != sizeof(*h)) {
 			perror("Unexpected EOF reading $TCPDIAG_FILE");
-			return -1;
+			break;
 		}
 
 		status = fread(h+1, 1, NLMSG_ALIGN(h->nlmsg_len-sizeof(*h)), fp);
 
 		if (status < 0) {
 			perror("Reading $TCPDIAG_FILE");
-			return -1;
+			break;
 		}
 		if (status + sizeof(*h) < h->nlmsg_len) {
 			perror("Unexpected EOF reading $TCPDIAG_FILE");
-			return -1;
+			break;
 		}
 
 		/* The only legal exit point */
-		if (h->nlmsg_type == NLMSG_DONE)
-			return 0;
+		if (h->nlmsg_type == NLMSG_DONE) {
+			err = 0;
+			break;
+		}
 
 		if (h->nlmsg_type == NLMSG_ERROR) {
 			struct nlmsgerr *err = (struct nlmsgerr *)NLMSG_DATA(h);
@@ -2732,7 +2735,7 @@ static int tcp_show_netlink_file(struct filter *f)
 				errno = -err->error;
 				perror("TCPDIAG answered");
 			}
-			return -1;
+			break;
 		}
 
 		parse_diag_msg(h, &s);
@@ -2741,10 +2744,15 @@ static int tcp_show_netlink_file(struct filter *f)
 		if (f && f->f && run_ssfilter(f->f, &s) == 0)
 			continue;
 
-		err = inet_show_sock(h, &s);
-		if (err < 0)
-			return err;
+		err2 = inet_show_sock(h, &s);
+		if (err2 < 0) {
+			err = err2;
+			break;
+		}
 	}
+
+	fclose(fp);
+	return err;
 }
 
 static int tcp_show(struct filter *f, int socktype)
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 1/7] ipntable: Make sure filter.name is NULL-terminated
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170932.24659-1-phil@nwl.cc>

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 ip/ipntable.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ip/ipntable.c b/ip/ipntable.c
index 879626ee4f491..7be1f04d33d90 100644
--- a/ip/ipntable.c
+++ b/ip/ipntable.c
@@ -633,7 +633,8 @@ static int ipntable_show(int argc, char **argv)
 		} else if (strcmp(*argv, "name") == 0) {
 			NEXT_ARG();
 
-			strncpy(filter.name, *argv, sizeof(filter.name));
+			strncpy(filter.name, *argv, sizeof(filter.name) - 1);
+			filter.name[sizeof(filter.name) - 1] = '\0';
 		} else
 			invarg("unknown", *argv);
 
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 2/3] iproute_lwtunnel: Argument to strerror must be positive
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170932.24812-1-phil@nwl.cc>

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 ip/iproute_lwtunnel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c
index 398ab5e077ed8..1a3dc4d4c0ed9 100644
--- a/ip/iproute_lwtunnel.c
+++ b/ip/iproute_lwtunnel.c
@@ -643,7 +643,7 @@ static int lwt_parse_bpf(struct rtattr *rta, size_t len,
 	err = bpf_parse_common(bpf_type, &cfg, &bpf_cb_ops, &x);
 	if (err < 0) {
 		fprintf(stderr, "Failed to parse eBPF program: %s\n",
-			strerror(err));
+			strerror(-err));
 		return -1;
 	}
 	rta_nest_end(rta, nest);
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 7/7] tc/q_multiq: Don't pass garbage in TCA_OPTIONS
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24302-1-phil@nwl.cc>

multiq_parse_opt() doesn't change 'opt' at all. So at least make sure
it doesn't fill TCA_OPTIONS attribute with garbage from stack.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 tc/q_multiq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tc/q_multiq.c b/tc/q_multiq.c
index 7823931494563..9c09c9a7748f6 100644
--- a/tc/q_multiq.c
+++ b/tc/q_multiq.c
@@ -43,7 +43,7 @@ static void explain(void)
 static int multiq_parse_opt(struct qdisc_util *qu, int argc, char **argv,
 			    struct nlmsghdr *n)
 {
-	struct tc_multiq_qopt opt;
+	struct tc_multiq_qopt opt = {};
 
 	if (argc) {
 		if (strcmp(*argv, "help") == 0) {
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 3/7] lib/fs: Fix format string in find_fs_mount()
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170932.24659-1-phil@nwl.cc>

A field width of 4096 allows fscanf() to store that amount of characters
into the given buffer, though that doesn't include the terminating NULL
byte. Decrease the value by one to leave space for it.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 lib/fs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/fs.c b/lib/fs.c
index c59ac564581d0..1ff881ecfcd8c 100644
--- a/lib/fs.c
+++ b/lib/fs.c
@@ -45,7 +45,7 @@ static char *find_fs_mount(const char *fs_to_find)
 		return NULL;
 	}
 
-	while (fscanf(fp, "%*s %4096s %127s %*s %*d %*d\n",
+	while (fscanf(fp, "%*s %4095s %127s %*s %*d %*d\n",
 		      path, fstype) == 2) {
 		if (strcmp(fstype, fs_to_find) == 0) {
 			mnt = strdup(path);
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 5/7] ss: Skip useless check in parse_hostcond()
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24089-1-phil@nwl.cc>

The passed 'addr' parameter is dereferenced by caller before and in
parse_hostcond() multiple times before this check, so assume it is
always true.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 misc/ss.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misc/ss.c b/misc/ss.c
index f0d1c22f75cff..2debccce5260b 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -1671,7 +1671,7 @@ void *parse_hostcond(char *addr, bool is_port)
 			}
 		}
 	}
-	if (!is_port && addr && *addr && *addr != '*') {
+	if (!is_port && *addr && *addr != '*') {
 		if (get_prefix_1(&a.addr, addr, fam)) {
 			if (get_dns_host(&a, addr, fam)) {
 				fprintf(stderr, "Error: an inet prefix is expected rather than \"%s\".\n", addr);
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 1/7] ipaddress: Make buffer for filter.flushb static
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24302-1-phil@nwl.cc>

The buffer is accessed outside of the function defining it, so make it
static.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 ip/ipaddress.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ip/ipaddress.c b/ip/ipaddress.c
index 4d37c5e045071..3c9decb51b412 100644
--- a/ip/ipaddress.c
+++ b/ip/ipaddress.c
@@ -1488,7 +1488,7 @@ static void ipaddr_filter(struct nlmsg_chain *linfo, struct nlmsg_chain *ainfo)
 static int ipaddr_flush(void)
 {
 	int round = 0;
-	char flushb[4096-512];
+	static char flushb[4096-512];
 
 	filter.flushb = flushb;
 	filter.flushp = 0;
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 7/7] tc/m_gact: Drop dead code
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24089-1-phil@nwl.cc>

The use of 'ok' variable in parse_gact() is ineffective: The second
conditional increments it either if *argv is 'gact' or if
parse_action_control() doesn't fail (in which case exit() is called).
So this is effectively an unconditional increment and since no decrement
happens anywhere, all remaining checks for 'ok != 0' can be dropped.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 tc/m_gact.c | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/tc/m_gact.c b/tc/m_gact.c
index 1a2583372c34e..df143c9e0953e 100644
--- a/tc/m_gact.c
+++ b/tc/m_gact.c
@@ -76,7 +76,6 @@ parse_gact(struct action_util *a, int *argc_p, char ***argv_p,
 {
 	int argc = *argc_p;
 	char **argv = *argv_p;
-	int ok = 0;
 	struct tc_gact p = { 0 };
 #ifdef CONFIG_GACT_PROB
 	int rd = 0;
@@ -89,17 +88,14 @@ parse_gact(struct action_util *a, int *argc_p, char ***argv_p,
 
 
 	if (matches(*argv, "gact") == 0) {
-		ok++;
 		argc--;
 		argv++;
-	} else {
-		if (parse_action_control(&argc, &argv, &p.action, false) == -1)
-			usage();
-		ok++;
+	} else if (parse_action_control(&argc, &argv, &p.action, false) == -1) {
+		usage();	/* does not return */
 	}
 
 #ifdef CONFIG_GACT_PROB
-	if (ok && argc > 0) {
+	if (argc > 0) {
 		if (matches(*argv, "random") == 0) {
 			rd = 1;
 			NEXT_ARG();
@@ -142,15 +138,11 @@ parse_gact(struct action_util *a, int *argc_p, char ***argv_p,
 			}
 			argc--;
 			argv++;
-			ok++;
 		} else if (matches(*argv, "help") == 0) {
 				usage();
 		}
 	}
 
-	if (!ok)
-		return -1;
-
 	tail = NLMSG_TAIL(n);
 	addattr_l(n, MAX_MSG, tca_id, NULL, 0);
 	addattr_l(n, MAX_MSG, TCA_GACT_PARMS, &p, sizeof(p));
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 3/3] tipc/node: Fix socket fd check in cmd_node_get_addr()
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170932.24812-1-phil@nwl.cc>

socket() returns -1 on error, not 0.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 tipc/node.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tipc/node.c b/tipc/node.c
index 201fe1a4df3bd..fe085aec9b4ac 100644
--- a/tipc/node.c
+++ b/tipc/node.c
@@ -109,7 +109,8 @@ static int cmd_node_get_addr(struct nlmsghdr *nlh, const struct cmd *cmd,
 	socklen_t sz = sizeof(struct sockaddr_tipc);
 	struct sockaddr_tipc addr;
 
-	if (!(sk = socket(AF_TIPC, SOCK_RDM, 0))) {
+	sk = socket(AF_TIPC, SOCK_RDM, 0);
+	if (sk < 0) {
 		fprintf(stderr, "opening TIPC socket: %s\n", strerror(errno));
 		return -1;
 	}
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 0/7] Covscan: Fixes for string termination
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev

This series collects patches from v1 dealing with code potentially
leaving string buffers unterminated. This does not include situations
where it happens for parsed interface names since an overall solution
was attempted for that and it's state is still unclear due to lack of
feedback from upstream.

No changes to the actual patches, just splitting into smaller series.

Phil Sutter (7):
  ipntable: Make sure filter.name is NULL-terminated
  xfrm_state: Make sure alg_name is NULL-terminated
  lib/fs: Fix format string in find_fs_mount()
  lib/inet_proto: Make sure destination buffers are NULL-terminated
  lnstat_util: Simplify alloc_and_open() a bit
  tc/m_xt: Fix for potential string buffer overflows
  lib/ll_map: Make sure im->name is NULL-terminated

 ip/ipntable.c      | 3 ++-
 ip/xfrm_state.c    | 3 ++-
 lib/fs.c           | 2 +-
 lib/inet_proto.c   | 9 ++++++---
 lib/ll_map.c       | 4 ++--
 misc/lnstat_util.c | 7 ++-----
 tc/m_xt.c          | 7 ++++---
 7 files changed, 19 insertions(+), 16 deletions(-)

-- 
2.13.1

^ permalink raw reply

* [iproute PATCH v2 2/7] ipntable: No need to check and assign to parms_rta
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24089-1-phil@nwl.cc>

This variable is initialized at declaration and nowhere else does any
assignment to it happen, so just drop the check.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 ip/ipntable.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/ip/ipntable.c b/ip/ipntable.c
index 7be1f04d33d90..30907146e85a3 100644
--- a/ip/ipntable.c
+++ b/ip/ipntable.c
@@ -202,8 +202,6 @@ static int ipntable_modify(int cmd, int flags, int argc, char **argv)
 			if (get_u32(&queue, *argv, 0))
 				invarg("\"queue\" value is invalid", *argv);
 
-			if (!parms_rta)
-				parms_rta = (struct rtattr *)&parms_buf;
 			rta_addattr32(parms_rta, sizeof(parms_buf),
 				      NDTPA_QUEUE_LEN, queue);
 			parms_change = 1;
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 2/7] ipaddress: Avoid accessing uninitialized variable lcl
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24302-1-phil@nwl.cc>

If no address was given, ipaddr_modify() accesses uninitialized data
when assigning to req.ifa.ifa_prefixlen.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 ip/ipaddress.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ip/ipaddress.c b/ip/ipaddress.c
index 3c9decb51b412..9307c9416dde3 100644
--- a/ip/ipaddress.c
+++ b/ip/ipaddress.c
@@ -1888,7 +1888,7 @@ static int ipaddr_modify(int cmd, int flags, int argc, char **argv)
 	char  *lcl_arg = NULL;
 	char  *valid_lftp = NULL;
 	char  *preferred_lftp = NULL;
-	inet_prefix lcl;
+	inet_prefix lcl = {};
 	inet_prefix peer;
 	int local_len = 0;
 	int peer_len = 0;
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 1/5] ipvrf: Fix error path of vrf_switch()
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24435-1-phil@nwl.cc>

Apart from trying to close(-1), this also leaked memory.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 ip/ipvrf.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ip/ipvrf.c b/ip/ipvrf.c
index 0094cf8557cd7..e6fad32abd956 100644
--- a/ip/ipvrf.c
+++ b/ip/ipvrf.c
@@ -372,12 +372,12 @@ static int vrf_switch(const char *name)
 
 	/* -1 on length to add '/' to the end */
 	if (ipvrf_get_netns(netns, sizeof(netns) - 1) < 0)
-		return -1;
+		goto out;
 
 	if (vrf_path(vpath, sizeof(vpath)) < 0) {
 		fprintf(stderr, "Failed to get base cgroup path: %s\n",
 			strerror(errno));
-		return -1;
+		goto out;
 	}
 
 	/* if path already ends in netns then don't add it again */
@@ -428,13 +428,14 @@ static int vrf_switch(const char *name)
 	snprintf(pid, sizeof(pid), "%d", getpid());
 	if (write(fd, pid, strlen(pid)) < 0) {
 		fprintf(stderr, "Failed to join cgroup\n");
-		goto out;
+		goto out2;
 	}
 
 	rc = 0;
+out2:
+	close(fd);
 out:
 	free(mnt);
-	close(fd);
 
 	return rc;
 }
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 1/2] examples: Some shell fixes to cbq.init
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170932.24900-1-phil@nwl.cc>

This addresses the following issues:

- $@ is an array, so don't use it in quoted strings - use $* instead.

- Add missing quotes to components of [ ] expressions. These are not
  strictly necessary since the output of 'wc -l' should be a single word
  only, but in case of errors, bash prints "integer expression expected"
  instead of "too many arguments".

- Use -print0/-0 when piping from find to xargs to allow for filenames
  which contain whitespace.

- Quote arguments to 'eval' to prevent word-splitting.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 examples/cbq.init-v0.7.3 | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/examples/cbq.init-v0.7.3 b/examples/cbq.init-v0.7.3
index 1bc0d446f8983..66448d88f0053 100644
--- a/examples/cbq.init-v0.7.3
+++ b/examples/cbq.init-v0.7.3
@@ -532,7 +532,7 @@ cbq_off () {
 
 ### Prefixed message
 cbq_message () {
-	echo -e "**CBQ: $@"
+	echo -e "**CBQ: $*"
 } # cbq_message
 
 ### Failure message
@@ -560,15 +560,15 @@ cbq_time2abs () {
 ### Display CBQ setup
 cbq_show () {
 	for dev in `cbq_device_list`; do
-		[ `tc qdisc show dev $dev| wc -l` -eq 0 ] && continue
+		[ "`tc qdisc show dev $dev| wc -l`" -eq 0 ] && continue
 		echo -e "### $dev: queueing disciplines\n"
 		tc $1 qdisc show dev $dev; echo
 
-		[ `tc class show dev $dev| wc -l` -eq 0 ] && continue
+		[ "`tc class show dev $dev| wc -l`" -eq 0 ] && continue
 		echo -e "### $dev: traffic classes\n"
 		tc $1 class show dev $dev; echo
 
-		[ `tc filter show dev $dev| wc -l` -eq 0 ] && continue
+		[ "`tc filter show dev $dev| wc -l`" -eq 0 ] && continue
 		echo -e "### $dev: filtering rules\n"
 		tc $1 filter show dev $dev; echo
 	done
@@ -585,7 +585,7 @@ cbq_init () {
 
 	### Gather all DEVICE fields from $1/cbq-*
 	DEVFIELDS=`find $1 -maxdepth 1 \( -type f -or -type l \) -name 'cbq-*' \
-		  -not -name '*~' | xargs sed -n 's/#.*//; \
+		  -not -name '*~' -print0 | xargs -0 sed -n 's/#.*//; \
 		  s/[[:space:]]//g; /^DEVICE=[^,]*,[^,]*\(,[^,]*\)\?/ \
 		  { s/.*=//; p; }'| sort -u`
 	[ -z "$DEVFIELDS" ] &&
@@ -593,7 +593,7 @@ cbq_init () {
 
 	### Check for different DEVICE fields for the same device
 	DEVICES=`echo "$DEVFIELDS"| sed 's/,.*//'| sort -u`
-	[ `echo "$DEVICES"| wc -l` -ne `echo "$DEVFIELDS"| wc -l` ] &&
+	[ "`echo "$DEVICES"| wc -l`" -ne "`echo "$DEVFIELDS"| wc -l`" ] &&
 		cbq_failure "different DEVICE fields for single device!\n$DEVFIELDS"
 } # cbq_init
 
@@ -618,7 +618,7 @@ cbq_load_class () {
 	PRIO_MARK=$PRIO_MARK_DEFAULT
 	PRIO_REALM=$PRIO_REALM_DEFAULT
 
-	eval `echo "$CFILE"| grep -E "^($CBQ_WORDS)="`
+	eval "`echo "$CFILE"| grep -E "^($CBQ_WORDS)="`"
 
 	### Require RATE/WEIGHT
 	[ -z "$RATE" -o -z "$WEIGHT" ] &&
@@ -661,7 +661,7 @@ if [ "$1" = "compile" ]; then
 
 	### echo-only version of "tc" command
 	tc () {
-		echo "$TC $@"
+		echo "$TC $*"
 	} # tc
 
 elif [ -n "$CBQ_DEBUG" ]; then
@@ -669,13 +669,13 @@ elif [ -n "$CBQ_DEBUG" ]; then
 
 	### Logging version of "ip" command
 	ip () {
-		echo -e "\n# ip $@" >> $CBQ_DEBUG
+		echo -e "\n# ip $*" >> $CBQ_DEBUG
 		$IP "$@" 2>&1 | tee -a $CBQ_DEBUG
 	} # ip
 
 	### Logging version of "tc" command
 	tc () {
-		echo -e "\n# tc $@" >> $CBQ_DEBUG
+		echo -e "\n# tc $*" >> $CBQ_DEBUG
 		$TC "$@" 2>&1 | tee -a $CBQ_DEBUG
 	} # tc
 else
@@ -711,8 +711,8 @@ if [ "$1" != "compile" -a "$2" != "nocache" -a -z "$CBQ_DEBUG" ]; then
 	### validate the cache
 	[ "$2" = "invalidate" -o ! -f $CBQ_CACHE ] && VALID=0
 	if [ $VALID -eq 1 ]; then
-		[ `find $CBQ_PATH -maxdepth 1 -newer $CBQ_CACHE| \
-		  wc -l` -gt 0 ] && VALID=0
+		[ "`find $CBQ_PATH -maxdepth 1 -newer $CBQ_CACHE| \
+		  wc -l`" -gt 0 ] && VALID=0
 	fi
 
 	### compile the config if the cache is invalid
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 0/3] Covscan: Fixes for obvious programming mistakes
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev

This series collects those patches from v1 which are clear programming
flaws.

No changes to the actual patches, just splitting into smaller series.

Phil Sutter (3):
  iproute_lwtunnel: csum_mode value checking was ineffective
  iproute_lwtunnel: Argument to strerror must be positive
  tipc/node: Fix socket fd check in cmd_node_get_addr()

 ip/iproute_lwtunnel.c | 9 +++++----
 tipc/node.c           | 3 ++-
 2 files changed, 7 insertions(+), 5 deletions(-)

-- 
2.13.1

^ permalink raw reply

* [iproute PATCH v2 0/7] Covscan: Don't access garbage
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev

This series collects patches from v1 which resolve situations where
garbage might be read, either due to missing initialization of
variables or accessing data which went out of scope.

No changes to the actual patches, just splitting into smaller series.

Phil Sutter (7):
  ipaddress: Make buffer for filter.flushb static
  ipaddress: Avoid accessing uninitialized variable lcl
  iplink_can: Prevent overstepping array bounds
  ipmaddr: Avoid accessing uninitialized data
  ss: Use C99 initializer in netlink_show_one()
  netem/maketable: Check return value of fstat()
  tc/q_multiq: Don't pass garbage in TCA_OPTIONS

 ip/ipaddress.c    |  4 ++--
 ip/iplink_can.c   |  4 ++--
 ip/ipmaddr.c      |  2 +-
 misc/ss.c         | 13 +++++++------
 netem/maketable.c |  4 ++--
 tc/q_multiq.c     |  2 +-
 6 files changed, 15 insertions(+), 14 deletions(-)

-- 
2.13.1

^ permalink raw reply

* [iproute PATCH v2 4/5] tc/tc_filter: Make sure filter name is not empty
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24545-1-phil@nwl.cc>

The later check for 'k[0] != 0' requires a non-empty filter name,
otherwise NULL pointer dereference in 'q' might happen.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 tc/tc_filter.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tc/tc_filter.c b/tc/tc_filter.c
index b13fb9185d4fd..a799edb35886d 100644
--- a/tc/tc_filter.c
+++ b/tc/tc_filter.c
@@ -412,6 +412,9 @@ static int tc_filter_get(int cmd, unsigned int flags, int argc, char **argv)
 			usage();
 			return 0;
 		} else {
+			if (!strlen(*argv))
+				invarg("invalid filter name", *argv);
+
 			strncpy(k, *argv, sizeof(k)-1);
 
 			q = get_filter_kind(k);
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 7/7] lib/ll_map: Make sure im->name is NULL-terminated
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170932.24659-1-phil@nwl.cc>

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 lib/ll_map.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ll_map.c b/lib/ll_map.c
index 4e4556c9ac80b..4d06eb69f138a 100644
--- a/lib/ll_map.c
+++ b/lib/ll_map.c
@@ -120,11 +120,11 @@ int ll_remember_index(const struct sockaddr_nl *who,
 		return 0;
 	}
 
-	im = malloc(sizeof(*im));
+	im = calloc(1, sizeof(*im));
 	if (im == NULL)
 		return 0;
 	im->index = ifi->ifi_index;
-	strcpy(im->name, ifname);
+	strncpy(im->name, ifname, IFNAMSIZ - 1);
 	im->type = ifi->ifi_type;
 	im->flags = ifi->ifi_flags;
 
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 0/2] Covscan: Shell script fixes
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev

This series collects patches from v1 which deal with programming
mistakes in shell scripts.

No changes to the actual patches, just splitting into smaller series.

Phil Sutter (2):
  examples: Some shell fixes to cbq.init
  ifcfg: Quote left-hand side of [ ] expression

 examples/cbq.init-v0.7.3 | 24 ++++++++++++------------
 ip/ifcfg                 |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

-- 
2.13.1

^ permalink raw reply

* [iproute PATCH v2 4/7] lib/inet_proto: Make sure destination buffers are NULL-terminated
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170932.24659-1-phil@nwl.cc>

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 lib/inet_proto.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/inet_proto.c b/lib/inet_proto.c
index ceda082b12a2e..87ed4769fc3da 100644
--- a/lib/inet_proto.c
+++ b/lib/inet_proto.c
@@ -35,8 +35,10 @@ const char *inet_proto_n2a(int proto, char *buf, int len)
 	pe = getprotobynumber(proto);
 	if (pe) {
 		icache = proto;
-		strncpy(ncache, pe->p_name, 16);
-		strncpy(buf, pe->p_name, len);
+		strncpy(ncache, pe->p_name, 15);
+		ncache[15] = '\0';
+		strncpy(buf, pe->p_name, len - 1);
+		buf[len] = '\0';
 		return buf;
 	}
 	snprintf(buf, len, "ipproto-%d", proto);
@@ -62,7 +64,8 @@ int inet_proto_a2n(const char *buf)
 	pe = getprotobyname(buf);
 	if (pe) {
 		icache = pe->p_proto;
-		strncpy(ncache, pe->p_name, 16);
+		strncpy(ncache, pe->p_name, 15);
+		ncache[15] = '\0';
 		return pe->p_proto;
 	}
 	return -1;
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 4/7] ipmaddr: Avoid accessing uninitialized data
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24302-1-phil@nwl.cc>

Looks like this can only happen if /proc/net/igmp is malformed, but
better be sure.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 ip/ipmaddr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c
index 4f726fdd976f1..85a69e779563d 100644
--- a/ip/ipmaddr.c
+++ b/ip/ipmaddr.c
@@ -136,7 +136,7 @@ static void read_igmp(struct ma_info **result_p)
 
 	while (fgets(buf, sizeof(buf), fp)) {
 		struct ma_info *ma;
-		size_t len;
+		size_t len = 0;
 
 		if (buf[0] != '\t') {
 			sscanf(buf, "%d%s", &m.index, m.name);
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 2/5] nstat: Fix for potential NULL pointer dereference
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev
In-Reply-To: <20170817170931.24545-1-phil@nwl.cc>

If the string at 'p' contains neither space not newline, 'p' will become
NULL. Make sure this isn't the case before dereferencing it.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 misc/nstat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/misc/nstat.c b/misc/nstat.c
index a4dd405d43a93..23e1569d7872b 100644
--- a/misc/nstat.c
+++ b/misc/nstat.c
@@ -198,7 +198,7 @@ static void load_ugly_table(FILE *fp)
 		off = p - buf;
 		p += 2;
 
-		while (*p) {
+		while (p && *p) {
 			char *next;
 
 			if ((next = strchr(p, ' ')) != NULL)
-- 
2.13.1

^ permalink raw reply related

* [iproute PATCH v2 0/5] Covscan: Fix potential memory leaks
From: Phil Sutter @ 2017-08-17 17:09 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev

This series collects patches from v1 which deal with potential memory leaks.

No changes to the actual patches, just splitting into smaller series.

Phil Sutter (5):
  ipvrf: Fix error path of vrf_switch()
  ifstat: Fix memleak in error case
  ifstat: Fix memleak in dump_kern_db() for json output
  ss: Fix potential memleak in unix_stats_print()
  tipc/bearer: Fix resource leak in error path

 ip/ipvrf.c    |  9 +++++----
 misc/ifstat.c | 12 +++++++++---
 misc/ss.c     |  4 +++-
 tipc/bearer.c |  3 +++
 4 files changed, 20 insertions(+), 8 deletions(-)

-- 
2.13.1

^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox