* [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning
@ 2022-03-25 14:48 Phil Sutter
2022-03-29 21:26 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Phil Sutter @ 2022-03-25 14:48 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
It doesn't like how memset() is called for a struct nfnlhdr pointer with
large size value. Pass void pointers instead. This also removes the call
from __build_{expect,conntrack}() which is duplicate in
__build_query_{exp,ct}() code-path.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/conntrack/api.c | 4 +++-
src/conntrack/build.c | 2 --
src/expect/api.c | 4 +++-
src/expect/build.c | 2 --
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index b7f64fb43ce83..7f72d07f2e7f6 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -779,6 +779,8 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
assert(req != NULL);
assert(ct != NULL);
+ memset(req, 0, size);
+
return __build_conntrack(ssh, req, size, type, flags, ct);
}
@@ -812,7 +814,7 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
assert(data != NULL);
assert(req != NULL);
- memset(req, 0, size);
+ memset(buffer, 0, size);
switch(qt) {
case NFCT_Q_CREATE:
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index b5a7061d53698..f80cfc12d5e38 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -27,8 +27,6 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
return -1;
}
- memset(req, 0, size);
-
buf = (char *)&req->nlh;
nlh = mnl_nlmsg_put_header(buf);
nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | type;
diff --git a/src/expect/api.c b/src/expect/api.c
index 39cd09249684c..b100c72ded50e 100644
--- a/src/expect/api.c
+++ b/src/expect/api.c
@@ -513,6 +513,8 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
assert(req != NULL);
assert(exp != NULL);
+ memset(req, 0, size);
+
return __build_expect(ssh, req, size, type, flags, exp);
}
@@ -546,7 +548,7 @@ __build_query_exp(struct nfnl_subsys_handle *ssh,
assert(data != NULL);
assert(req != NULL);
- memset(req, 0, size);
+ memset(buffer, 0, size);
switch(qt) {
case NFCT_Q_CREATE:
diff --git a/src/expect/build.c b/src/expect/build.c
index 2e0f968f36dad..1807adce26f62 100644
--- a/src/expect/build.c
+++ b/src/expect/build.c
@@ -29,8 +29,6 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
else
return -1;
- memset(req, 0, size);
-
buf = (char *)&req->nlh;
nlh = mnl_nlmsg_put_header(buf);
nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | type;
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning
2022-03-25 14:48 [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning Phil Sutter
@ 2022-03-29 21:26 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2022-03-29 21:26 UTC (permalink / raw)
To: Phil Sutter; +Cc: netfilter-devel
On Fri, Mar 25, 2022 at 03:48:07PM +0100, Phil Sutter wrote:
> It doesn't like how memset() is called for a struct nfnlhdr pointer with
> large size value. Pass void pointers instead. This also removes the call
> from __build_{expect,conntrack}() which is duplicate in
> __build_query_{exp,ct}() code-path.
LGTM.
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> src/conntrack/api.c | 4 +++-
> src/conntrack/build.c | 2 --
> src/expect/api.c | 4 +++-
> src/expect/build.c | 2 --
> 4 files changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/src/conntrack/api.c b/src/conntrack/api.c
> index b7f64fb43ce83..7f72d07f2e7f6 100644
> --- a/src/conntrack/api.c
> +++ b/src/conntrack/api.c
> @@ -779,6 +779,8 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
> assert(req != NULL);
> assert(ct != NULL);
>
> + memset(req, 0, size);
> +
> return __build_conntrack(ssh, req, size, type, flags, ct);
> }
>
> @@ -812,7 +814,7 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
> assert(data != NULL);
> assert(req != NULL);
>
> - memset(req, 0, size);
> + memset(buffer, 0, size);
>
> switch(qt) {
> case NFCT_Q_CREATE:
> diff --git a/src/conntrack/build.c b/src/conntrack/build.c
> index b5a7061d53698..f80cfc12d5e38 100644
> --- a/src/conntrack/build.c
> +++ b/src/conntrack/build.c
> @@ -27,8 +27,6 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
> return -1;
> }
>
> - memset(req, 0, size);
> -
> buf = (char *)&req->nlh;
> nlh = mnl_nlmsg_put_header(buf);
> nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | type;
> diff --git a/src/expect/api.c b/src/expect/api.c
> index 39cd09249684c..b100c72ded50e 100644
> --- a/src/expect/api.c
> +++ b/src/expect/api.c
> @@ -513,6 +513,8 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
> assert(req != NULL);
> assert(exp != NULL);
>
> + memset(req, 0, size);
> +
> return __build_expect(ssh, req, size, type, flags, exp);
> }
>
> @@ -546,7 +548,7 @@ __build_query_exp(struct nfnl_subsys_handle *ssh,
> assert(data != NULL);
> assert(req != NULL);
>
> - memset(req, 0, size);
> + memset(buffer, 0, size);
>
> switch(qt) {
> case NFCT_Q_CREATE:
> diff --git a/src/expect/build.c b/src/expect/build.c
> index 2e0f968f36dad..1807adce26f62 100644
> --- a/src/expect/build.c
> +++ b/src/expect/build.c
> @@ -29,8 +29,6 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
> else
> return -1;
>
> - memset(req, 0, size);
> -
> buf = (char *)&req->nlh;
> nlh = mnl_nlmsg_put_header(buf);
> nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | type;
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-03-29 21:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-03-25 14:48 [libnetfilter_conntrack PATCH] expect/conntrack: Avoid spurious covscan overrun warning Phil Sutter
2022-03-29 21:26 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).