applied patch to fix static analysis errors
https://github.com/libnet/libnet/pull/170 Signed-off-by: Adrian Reber <areber@redhat.com>
This commit is contained in:
Adrian Reber
parent
dbbd878463
commit
23330337e4
100
170.patch
Normal file
100
170.patch
Normal file
@ -0,0 +1,100 @@
|
||||
From 79e4b9df5bfa5e5fbaa9f3ad78ff677bf165611f Mon Sep 17 00:00:00 2001
|
||||
From: Adrian Reber <areber@redhat.com>
|
||||
Date: Wed, 7 Aug 2024 11:06:19 +0200
|
||||
Subject: [PATCH 1/2] libnet_if_addr.c: fix 'Using uninitialized value "rc".'
|
||||
|
||||
This fixes static code analysis report:
|
||||
|
||||
1. libnet-1.3/src/libnet_if_addr.c:551:5: var_decl: Declaring variable "rc" without initializer.
|
||||
8. libnet-1.3/src/libnet_if_addr.c:626:5: uninit_use: Using uninitialized value "rc".
|
||||
# 624| }
|
||||
# 625|
|
||||
# 626|-> return rc;
|
||||
# 627| }
|
||||
# 628|
|
||||
|
||||
The code was jumping to the 'end' label without setting rc to anything.
|
||||
Doing 'return rc' will indeed return an uninitialized value for some
|
||||
cases.
|
||||
|
||||
This commit removed the 'bad' label and in an error case always jumps to
|
||||
'end' with rc initialized to -1.
|
||||
|
||||
Signed-off-by: Adrian Reber <areber@redhat.com>
|
||||
---
|
||||
src/libnet_if_addr.c | 8 +++-----
|
||||
1 file changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/libnet_if_addr.c b/src/libnet_if_addr.c
|
||||
index e0e8b6d4..ab8530c7 100644
|
||||
--- a/src/libnet_if_addr.c
|
||||
+++ b/src/libnet_if_addr.c
|
||||
@@ -548,7 +548,8 @@ libnet_select_device(libnet_t *l)
|
||||
{
|
||||
struct libnet_ifaddr_list *address_list = NULL, *al;
|
||||
uint32_t addr;
|
||||
- int c, i, rc;
|
||||
+ int rc = -1;
|
||||
+ int c, i;
|
||||
|
||||
if (l == NULL)
|
||||
{
|
||||
@@ -600,7 +601,7 @@ libnet_select_device(libnet_t *l)
|
||||
if (i <= 0)
|
||||
{
|
||||
snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): can't find interface for IP %s", __func__, l->device);
|
||||
- goto bad;
|
||||
+ goto end;
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -610,9 +611,6 @@ libnet_select_device(libnet_t *l)
|
||||
|
||||
good:
|
||||
rc = 1;
|
||||
- goto end;
|
||||
-bad:
|
||||
- rc = -1;
|
||||
end:
|
||||
if (address_list) {
|
||||
for (i = 0; i < c; i++)
|
||||
|
||||
From ec512f5ea21deabc9631efffb0acfb3e345107bc Mon Sep 17 00:00:00 2001
|
||||
From: Adrian Reber <areber@redhat.com>
|
||||
Date: Wed, 7 Aug 2024 11:15:23 +0200
|
||||
Subject: [PATCH 2/2] libnet_build_udld.c: fix 'Using uninitialized value "p"
|
||||
when calling "libnet_pblock_delete"'
|
||||
|
||||
Static code analysis reported:
|
||||
|
||||
1. libnet-1.3/src/libnet_build_udld.c:11:5: var_decl: Declaring variable "p" without initializer.
|
||||
4. libnet-1.3/src/libnet_build_udld.c:119:5: uninit_use_in_call: Using uninitialized value "p" when calling "libnet_pblock_delete".
|
||||
# 117| return libnet_pblock_update(l, p, h, pblock_type);
|
||||
# 118| bad:
|
||||
# 119|-> libnet_pblock_delete(l, p);
|
||||
# 120| return (-1);
|
||||
# 121| }
|
||||
|
||||
The function libnet_pblock_delete() checks if p is not NULL, but it is
|
||||
called before 'p' is uninitialized and it might point to some random
|
||||
location. Setting it to NULL will skip running libnet_pblock_delete()
|
||||
cleanup code on a random memory address.
|
||||
|
||||
Signed-off-by: Adrian Reber <areber@redhat.com>
|
||||
---
|
||||
src/libnet_build_udld.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libnet_build_udld.c b/src/libnet_build_udld.c
|
||||
index 731cffe8..315e6ac5 100644
|
||||
--- a/src/libnet_build_udld.c
|
||||
+++ b/src/libnet_build_udld.c
|
||||
@@ -8,7 +8,7 @@ const uint8_t value_s, libnet_t * l, libnet_ptag_t ptag)
|
||||
{
|
||||
struct libnet_udld_hdr hdr;
|
||||
uint32_t n, h;
|
||||
- libnet_pblock_t *p;
|
||||
+ libnet_pblock_t *p = NULL;
|
||||
|
||||
hdr.tlv__type = tlv_type;
|
||||
hdr.tlv__length = LIBNET_UDLD_TLV_HDR_SIZE + value_s;
|
||||
@ -1,11 +1,12 @@
|
||||
Summary: C library for portable packet creation and injection
|
||||
Name: libnet
|
||||
Version: 1.3
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
License: BSD-2-Clause AND BSD-3-Clause
|
||||
URL: https://github.com/libnet/libnet
|
||||
Source0: https://github.com/libnet/libnet/releases/download/v%{version}/%{name}-%{version}.tar.gz
|
||||
Patch0: libnet-config.patch
|
||||
Patch1: https://github.com/libnet/libnet/pull/170.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
BuildRequires: %{_bindir}/pod2man
|
||||
@ -46,6 +47,7 @@ developing applications that use libnet.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch -P 0 -p1
|
||||
%patch -P 1 -p1
|
||||
# Avoid library soname bump (https://github.com/libnet/libnet/issues/115)
|
||||
sed -e 's/-version-info 9:0:0/-version-info 9:0:8/' -i src/Makefile.{am,in}
|
||||
|
||||
@ -96,6 +98,10 @@ done
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Aug 07 2024 Adrian Reber <areber@redhat.com> - 1.3-6
|
||||
- applied patch to fix static analysis errors
|
||||
https://github.com/libnet/libnet/pull/170
|
||||
|
||||
* Tue Aug 06 2024 Adrian Reber <areber@redhat.com> - 1.3-5
|
||||
- copy gating.yaml from c9s
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user