Date: Thu, 14 Jan 2021 15:32:30 +0100
From: Greg Kurz
To: Christian Schoenebeck
Subject: Re: [PATCH] 9pfs/proxy: Check return value of proxy_marshal()
Message-ID: <20210114153230.79a6b7af@bahia.lan>
In-Reply-To: <2260349.uzTyekElz3@silver>
References: <161035859647.1221144.4691749806675653934.stgit@bahia.lan> <2260349.uzTyekElz3@silver>
Cc: Peter Maydell,
 qemu-devel@nongnu.org

On Mon, 11 Jan 2021 14:15:17 +0100
Christian Schoenebeck wrote:

> On Montag, 11. Januar 2021 10:49:56 CET Greg Kurz wrote:
> > This should always successfully write exactly two 32-bit integers.
> > Make it clear with an assert(), like v9fs_receive_status() and
> > v9fs_receive_response() already do when unmarshalling the same
> > header.
> >
> > Fixes: Coverity CID 1438968
> > Signed-off-by: Greg Kurz
>
> Reviewed-by: Christian Schoenebeck
>
> What's your workload Greg, are you able to push this through your queue?
>

I'll take care of the security issue first, likely later today or tomorrow.
It is generally recommended to have separate PRs for CVEs, in order to ease
the backport effort of downstream vendors.

No hurry for this patch though. It isn't even a bug fix: we really can't
get an error at this point since previous calls to proxy_marshal() in this
function obviously succeeded at writing stuff at higher offsets... So this
is really a cosmetic only change to make Coverity happy. I might be able
to send a PR with this next week or the week after I guess.

> It's time that I sign up for coverity. I'm doing that now before I forget it
> again.
>
> > --- > > hw/9pfs/9p-proxy.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c > > index 6f598a0f111c..4aa4e0a3baa0 100644 > > --- a/hw/9pfs/9p-proxy.c > > +++ b/hw/9pfs/9p-proxy.c > > @@ -537,7 +537,8 @@ static int v9fs_request(V9fsProxy *proxy, int type, void > > *response, ...) } > > > > /* marshal the header details */ > > - proxy_marshal(iovec, 0, "dd", header.type, header.size); > > + retval = proxy_marshal(iovec, 0, "dd", header.type, header.size); > > + assert(retval == 4 * 2); > > header.size += PROXY_HDR_SZ; > > > > retval = qemu_write_full(proxy->sockfd, iovec->iov_base, header.size);
>
> Best regards,
> Christian Schoenebeck
>
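
Review bot: the added `assert(retval == 4 * 2);` hard-codes the header length as a literal, while the very next context line uses `PROXY_HDR_SZ` for the same header. If `PROXY_HDR_SZ` is the size of the two marshalled 32-bit fields, asserting `retval == PROXY_HDR_SZ` would keep the check and the `header.size += PROXY_HDR_SZ` adjustment from drifting apart. A one-line comment above the assert saying that it cannot fire, because the earlier proxy_marshal() calls in this function already wrote at higher offsets (as the reply explains), would tell a later reader that this is an annotation for static analysis rather than runtime error handling.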