From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefano Brivio To: passt-dev@passt.top Subject: [PATCH 3/7] tap: Check return value of accept4() before calling getsockopt() Date: Wed, 21 Sep 2022 22:55:03 +0200 Message-ID: <20220921205507.2742203-4-sbrivio@redhat.com> In-Reply-To: <20220921205507.2742203-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5641429538068421501==" --===============5641429538068421501== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Reported by Coverity (CWE-119): Negative value used as argument to a function expecting a positive value (for example, size of buffer or allocation) and harmless, because getsockopt() would return -EBADF if the socket is -1, so we wouldn't print anything. Check if accept4() returns a valid socket before calling getsockopt() on it. Signed-off-by: Stefano Brivio --- tap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tap.c b/tap.c index 3231da7..4d7422f 100644 --- a/tap.c +++ b/tap.c @@ -872,11 +872,13 @@ static void tap_sock_unix_new(struct ctx *c) int discard = accept4(c->fd_tap_listen, NULL, NULL, SOCK_NONBLOCK); + if (discard == -1) + return; + if (!getsockopt(discard, SOL_SOCKET, SO_PEERCRED, &ucred, &len)) info("discarding connection from PID %i", ucred.pid); - if (discard != -1) - close(discard); + close(discard); return; } -- 2.35.1 --===============5641429538068421501==--