|
|
735424 |
From 883bc7739f467000f1ccb00b5d0e383c7289dcc0 Mon Sep 17 00:00:00 2001
|
|
|
735424 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
735424 |
Date: Fri, 25 Mar 2022 14:55:53 +0100
|
|
|
735424 |
Subject: [PATCH] expect/conntrack: Avoid spurious covscan overrun warning
|
|
|
735424 |
|
|
|
735424 |
It doesn't like how memset() is called for a struct nfnlhdr pointer with
|
|
|
735424 |
large size value. Pass void pointers instead. This also removes the call
|
|
|
735424 |
from __build_{expect,conntrack}() which is duplicate in
|
|
|
735424 |
__build_query_{exp,ct}() code-path.
|
|
|
735424 |
|
|
|
735424 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
735424 |
(cherry picked from commit 86f5bdc2a85b208053e7361ccd575e4eb3c853a3)
|
|
|
735424 |
---
|
|
|
735424 |
src/conntrack/api.c | 4 +++-
|
|
|
735424 |
src/conntrack/build.c | 2 --
|
|
|
735424 |
src/expect/api.c | 4 +++-
|
|
|
735424 |
src/expect/build.c | 2 --
|
|
|
735424 |
4 files changed, 6 insertions(+), 6 deletions(-)
|
|
|
735424 |
|
|
|
735424 |
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
|
|
|
735424 |
index b7f64fb43ce83..7f72d07f2e7f6 100644
|
|
|
735424 |
--- a/src/conntrack/api.c
|
|
|
735424 |
+++ b/src/conntrack/api.c
|
|
|
735424 |
@@ -779,6 +779,8 @@ int nfct_build_conntrack(struct nfnl_subsys_handle *ssh,
|
|
|
735424 |
assert(req != NULL);
|
|
|
735424 |
assert(ct != NULL);
|
|
|
735424 |
|
|
|
735424 |
+ memset(req, 0, size);
|
|
|
735424 |
+
|
|
|
735424 |
return __build_conntrack(ssh, req, size, type, flags, ct);
|
|
|
735424 |
}
|
|
|
735424 |
|
|
|
735424 |
@@ -812,7 +814,7 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
|
|
|
735424 |
assert(data != NULL);
|
|
|
735424 |
assert(req != NULL);
|
|
|
735424 |
|
|
|
735424 |
- memset(req, 0, size);
|
|
|
735424 |
+ memset(buffer, 0, size);
|
|
|
735424 |
|
|
|
735424 |
switch(qt) {
|
|
|
735424 |
case NFCT_Q_CREATE:
|
|
|
735424 |
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
|
|
|
735424 |
index b5a7061d53698..f80cfc12d5e38 100644
|
|
|
735424 |
--- a/src/conntrack/build.c
|
|
|
735424 |
+++ b/src/conntrack/build.c
|
|
|
735424 |
@@ -27,8 +27,6 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
|
|
|
735424 |
return -1;
|
|
|
735424 |
}
|
|
|
735424 |
|
|
|
735424 |
- memset(req, 0, size);
|
|
|
735424 |
-
|
|
|
735424 |
buf = (char *)&req->nlh;
|
|
|
735424 |
nlh = mnl_nlmsg_put_header(buf);
|
|
|
735424 |
nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | type;
|
|
|
735424 |
diff --git a/src/expect/api.c b/src/expect/api.c
|
|
|
735424 |
index 39cd09249684c..b100c72ded50e 100644
|
|
|
735424 |
--- a/src/expect/api.c
|
|
|
735424 |
+++ b/src/expect/api.c
|
|
|
735424 |
@@ -513,6 +513,8 @@ int nfexp_build_expect(struct nfnl_subsys_handle *ssh,
|
|
|
735424 |
assert(req != NULL);
|
|
|
735424 |
assert(exp != NULL);
|
|
|
735424 |
|
|
|
735424 |
+ memset(req, 0, size);
|
|
|
735424 |
+
|
|
|
735424 |
return __build_expect(ssh, req, size, type, flags, exp);
|
|
|
735424 |
}
|
|
|
735424 |
|
|
|
735424 |
@@ -546,7 +548,7 @@ __build_query_exp(struct nfnl_subsys_handle *ssh,
|
|
|
735424 |
assert(data != NULL);
|
|
|
735424 |
assert(req != NULL);
|
|
|
735424 |
|
|
|
735424 |
- memset(req, 0, size);
|
|
|
735424 |
+ memset(buffer, 0, size);
|
|
|
735424 |
|
|
|
735424 |
switch(qt) {
|
|
|
735424 |
case NFCT_Q_CREATE:
|
|
|
735424 |
diff --git a/src/expect/build.c b/src/expect/build.c
|
|
|
735424 |
index 2e0f968f36dad..1807adce26f62 100644
|
|
|
735424 |
--- a/src/expect/build.c
|
|
|
735424 |
+++ b/src/expect/build.c
|
|
|
735424 |
@@ -29,8 +29,6 @@ int __build_expect(struct nfnl_subsys_handle *ssh,
|
|
|
735424 |
else
|
|
|
735424 |
return -1;
|
|
|
735424 |
|
|
|
735424 |
- memset(req, 0, size);
|
|
|
735424 |
-
|
|
|
735424 |
buf = (char *)&req->nlh;
|
|
|
735424 |
nlh = mnl_nlmsg_put_header(buf);
|
|
|
735424 |
nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK_EXP << 8) | type;
|
|
|
735424 |
--
|
|
|
735424 |
2.38.0
|
|
|
735424 |
|