From mboxrd@z Thu Jan  1 00:00:00 1970
Received: by passt.top (Postfix, from userid 1000)
	id 1629C5A0319; Thu, 27 Jun 2024 22:46:41 +0200 (CEST)
From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH v2 0/5] Small, assorted "hardening" fixes
Date: Thu, 27 Jun 2024 22:46:36 +0200
Message-ID: <20240627204641.4046184-1-sbrivio@redhat.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: UUPB5IX7Y4IMU72N35U3NG2N5CKFACQL
X-Message-ID-Hash: UUPB5IX7Y4IMU72N35U3NG2N5CKFACQL
X-MailFrom: sbrivio@passt.top
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Matej Hrica <mhrica@redhat.com>, David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20240627204641.4046184-1-sbrivio@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/UUPB5IX7Y4IMU72N35U3NG2N5CKFACQL/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

All harmless issues as far as I can tell, but nice to fix.

v2:
- in 3/5:
  - keep 'skip' in write_remainder() unsigned, and check for
    unsigned overflow instead
  - refactor sadd_overflow() and ssub_overflow() to use built-ins
    with automatic types, take ssize_t arguments, and deal with
    different ssize_t type widths
- in 4/5:
  - switch l2len in tap_handler_passt() to uint32_t, as it really
    is unsigned and 32-bit wide
  - return if the length descriptor mismatches, instead of trying
    to proceed to the next frame
- add 5/5

Stefano Brivio (5):
  conf: Copy up to MAXDNSRCH - 1 bytes, not MAXDNSRCH
  tcp_splice: Check return value of setsockopt() for SO_RCVLOWAT
  util, lineread, tap: Overflow checks on long signed sums and
    subtractions
  tap: Discard guest data on length descriptor mismatch
  conf: Use the right maximum buffer size for c->sock_path

 conf.c       |  4 ++--
 lineread.c   |  5 +++--
 tap.c        | 31 +++++++++++++++++++----------
 tcp_splice.c | 15 +++++++++-----
 util.c       |  5 +++++
 util.h       | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 96 insertions(+), 19 deletions(-)

-- 
2.43.0