netfilter-devel.vger.kernel.org archive mirror
From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning
Date: Fri, 25 Mar 2022 15:48:07 +0100
Message-ID: <20220325144807.18049-1-phil@nwl.cc>

It doesn't like how memset() is called for a struct nfnlhdr pointer with
large size value. Pass void pointers instead. This also removes the call
from __build_{expect,conntrack}() which is duplicate in
__build_query_{exp,ct}() code-path.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/conntrack/api.c   | 4 +++-
 src/conntrack/build.c | 2 --
 src/expect/api.c      | 4 +++-
 src/expect/build.c    | 2 --
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index b7f64fb43ce83..7f72d07f2e7f6 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -779,6 +779,8 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
 	assert(req != NULL);
 	assert(ct != NULL);
 
+	memset(req, 0, size);
+
 	return __build_conntrack(ssh, req, size, type, flags, ct);
 }
 
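Review bot: the added memset(req, 0, size) in nfct_build_conntrack() still passes req, and the hunk does not show its declared type. The commit message says the warning goes away by passing void pointers, so confirm req is a void * in this function; if it is a struct nfnlhdr * here, the same warning will come back at this call and the clear should go through an untyped pointer as in __build_query_ct().
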
@@ -812,7 +814,7 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
 	assert(data != NULL);
 	assert(req != NULL);
 
-	memset(req, 0, size);
+	memset(buffer, 0, size);
 
 	switch(qt) {
 	case NFCT_Q_CREATE:
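
Review bot: memset(buffer, 0, size) in __build_query_ct() reads like an arbitrary rename to anyone who has not seen the covscan report, and nothing at the call site says why buffer is used rather than req. A one-line comment above the call, saying the void pointer is passed on purpose because the checker flags a memset() of size bytes through a struct nfnlhdr pointer, would keep a later cleanup from reverting it.
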
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index b5a7061d53698..f80cfc12d5e38 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -27,8 +27,6 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 		return -1;
 	}
 
-	memset(req, 0, size);
-
 	buf = (char *)&req->nlh;
 	nlh = mnl_nlmsg_put_header(buf);
 	nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | type;
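
Review bot: __build_conntrack() now depends on every caller having zeroed req before the header is written at &req->nlh, and that precondition is not documented anywhere in this hunk. Suggest a short comment at the top of the function, or next to its declaration, stating that req must arrive cleared for size bytes.
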
diff --git a/src/expect/api.c b/src/expect/api.c
index 39cd09249684c..b100c72ded50e 100644
--- a/src/expect/api.c
+++ b/src/expect/api.c
@@ -513,6 +513,8 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
 	assert(req != NULL);
 	assert(exp != NULL);
 
+	memset(req, 0, size);
+
 	return __build_expect(ssh, req, size, type, flags, exp);
 }
 
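Review bot: the clear in nfexp_build_expect() now runs before the check that it used to follow: in __build_expect() the memset(req, 0, size) sat after the early "return -1", so a rejected request left the caller's buffer untouched, and with this change the buffer is wiped either way. That is probably harmless, but it is a behaviour change the commit message does not mention; please note it there.
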
@@ -546,7 +548,7 @@ __build_query_exp(struct nfnl_subsys_handle *ssh,
 	assert(data != NULL);
 	assert(req != NULL);
 
-	memset(req, 0, size);
+	memset(buffer, 0, size);
 
 	switch(qt) {
 	case NFCT_Q_CREATE:
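
Review bot: in __build_query_exp() the asserts cover data and req, but the write now goes through buffer, whose relation to req is not visible at this point. If req is simply buffer viewed as a struct nfnlhdr *, the existing assert is enough; otherwise add assert(buffer != NULL) so the pointer that is actually written through is the one being checked.
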
diff --git a/src/expect/build.c b/src/expect/build.c
index 2e0f968f36dad..1807adce26f62 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -29,8 +29,6 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
 	else
 		return -1;
 
-	memset(req, 0, size);
-
 	buf = (char *)&req->nlh;
 	nlh = mnl_nlmsg_put_header(buf);
 	nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | type;
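
Review bot: dropping the clear from __build_expect() is only safe if nfexp_build_expect() and __build_query_exp() are its sole callers, which the diff does not show. Please confirm with a search of the tree that no other caller reaches __build_expect() with an uninitialised buffer, and say so in the commit message.
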
-- 
2.34.1


Thread overview: 2+ messages
2022-03-25 14:48 Phil Sutter [this message]
2022-03-29 21:26 ` [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning Pablo Neira Ayuso
