From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH 15/16] udp: Out-of-bounds read, CWE-125 in udp_timer()
Date: Tue, 05 Apr 2022 19:05:13 +0200 [thread overview]
Message-ID: <20220405170514.2963773-16-sbrivio@redhat.com> (raw)
In-Reply-To: <20220405170514.2963773-1-sbrivio@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 602 bytes --]
Not an actual issue due to how it's typically stored, but udp_act
can also be used for ports 65528-65535. Reported by Coverity.
Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>
---
udp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/udp.c b/udp.c
index cbd3ac8..86d806a 100644
--- a/udp.c
+++ b/udp.c
@@ -180,7 +180,7 @@ enum udp_act_type {
};
/* Activity-based aging for bindings */
-static uint8_t udp_act[IP_VERSIONS][UDP_ACT_TYPE_MAX][USHRT_MAX / 8];
+static uint8_t udp_act[IP_VERSIONS][UDP_ACT_TYPE_MAX][(USHRT_MAX + 1) / 8];
/* Static buffers */
--
@@ -180,7 +180,7 @@ enum udp_act_type {
};
/* Activity-based aging for bindings */
-static uint8_t udp_act[IP_VERSIONS][UDP_ACT_TYPE_MAX][USHRT_MAX / 8];
+static uint8_t udp_act[IP_VERSIONS][UDP_ACT_TYPE_MAX][(USHRT_MAX + 1) / 8];
/* Static buffers */
--
2.35.1
next prev parent reply other threads:[~2022-04-05 17:05 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-05 17:04 [PATCH 00/16] Fix issues reported by Coverity Stefano Brivio
2022-04-05 17:04 ` [PATCH 01/16] treewide: Invalid type in argument to printf format specifier, CWE-686 Stefano Brivio
2022-04-05 17:05 ` [PATCH 02/16] passt: Ignoring number of bytes read, CWE-252 Stefano Brivio
2022-04-05 17:05 ` [PATCH 03/16] tcp: False "Untrusted loop bound" positive, CWE-606 Stefano Brivio
2022-04-05 17:05 ` [PATCH 04/16] treewide: Unchecked return value from library, CWE-252 Stefano Brivio
2022-04-05 17:05 ` [PATCH 05/16] tap: Resource leak, CWE-404 Stefano Brivio
2022-04-05 17:05 ` [PATCH 06/16] conf, packet: Operands don't affect result, CWE-569 Stefano Brivio
2022-04-05 17:05 ` [PATCH 07/16] passt: Improper use of negative value (CWE-394) Stefano Brivio
2022-04-05 17:05 ` [PATCH 08/16] treewide: Argument cannot be negative, CWE-687 Stefano Brivio
2022-04-05 17:05 ` [PATCH 09/16] conf: False "Assign instead of compare" positive, CWE-481 Stefano Brivio
2022-04-05 17:05 ` [PATCH 10/16] conf, tap: False "Buffer not null terminated" positives, CWE-170 Stefano Brivio
2022-04-05 17:05 ` [PATCH 11/16] tcp: Dereference null return value, CWE-476 Stefano Brivio
2022-04-05 17:05 ` [PATCH 12/16] tcp_splice: Logically dead code, CWE-561 Stefano Brivio
2022-04-05 17:05 ` [PATCH 13/16] tcp, tcp_splice: False "Negative array index read" positives, CWE-129 Stefano Brivio
2022-04-05 17:05 ` [PATCH 14/16] tcp: False "Out-of-bounds read" positive, CWE-125 Stefano Brivio
2022-04-05 17:05 ` Stefano Brivio [this message]
2022-04-05 17:05 ` [PATCH 16/16] arch: Pointer to local outside scope, CWE-562 Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220405170514.2963773-16-sbrivio@redhat.com \
--to=sbrivio@redhat.com \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).