40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
|
From 65d8d329620973319b577e9a1b0ffad528a4df1f Mon Sep 17 00:00:00 2001
|
||
|
From: Stefano Brivio <sbrivio@redhat.com>
|
||
|
Date: Mon, 27 Feb 2023 03:05:26 +0100
|
||
|
Subject: [PATCH 05/20] tcp: Avoid false (but convoluted) positive Coverity
|
||
|
CWE-476 warning
|
||
|
|
||
|
If there are no TCP options in the header, tcp_tap_handler() will
|
||
|
pass the corresponding pointer, fetched via packet_get(), as NULL to
|
||
|
tcp_conn_from_sock_finish(), which in turn indirectly calls
|
||
|
tcp_opt_get().
|
||
|
|
||
|
If there are no options, tcp_opt_get() will stop right away because
|
||
|
the option length is indicated as zero. However, if the logic is
|
||
|
complicated enough to follow for static checkers, adding an explicit
|
||
|
check against NULL in tcp_opt_get() is probably a good idea.
|
||
|
|
||
|
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
|
||
|
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
|
||
|
(cherry picked from commit a1d5537741679c117b4c1a9b736ea2540a976eee)
|
||
|
---
|
||
|
tcp.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/tcp.c b/tcp.c
|
||
|
index c62fe44..a811b5e 100644
|
||
|
--- a/tcp.c
|
||
|
+++ b/tcp.c
|
||
|
@@ -1114,7 +1114,7 @@ static int tcp_opt_get(const char *opts, size_t len, uint8_t type_find,
|
||
|
{
|
||
|
uint8_t type, optlen;
|
||
|
|
||
|
- if (!len)
|
||
|
+ if (!opts || !len)
|
||
|
return -1;
|
||
|
|
||
|
for (; len >= 2; opts += optlen, len -= optlen) {
|
||
|
--
|
||
|
2.39.2
|
||
|
|