From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH 3/5] treewide: Don't rely on terminator records in ip[46].dns arrays
Date: Mon, 5 Jan 2026 18:53:35 +1100 [thread overview]
Message-ID: <20260105075337.1724962-4-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20260105075337.1724962-1-david@gibson.dropbear.id.au>
In our arrays of DNS resolvers to pass to the guest we use a blank entry
to indicate the end of the list. We rely on this when scanning the array,
not having separate bounds checking. clang-tidy 21.1.7 has fancier
checking for array overruns in loops, but it's not able to reason that
there's always a terminating entry, so complains.
Indeed, it's correct to do so in this case. Although we allow space in the
arrays for the terminator (size MAXNS + 1), add_dns[46]() check only for
idx >= ARRAY_SIZE()
before adding an entry. This allows it to consume the last slot with a
"real" entry, meaning the places where we scan really could overrun.
Fix the bug, and make it easier to reason about (for both clang-tidy and
people) by using ARRAY_SIZE() base bounds checking. Treat the terminator
explicitly as an early exit case using 'break'.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
conf.c | 8 ++++++--
dhcp.c | 4 +++-
dhcpv6.c | 4 +++-
ndp.c | 4 +++-
passt.h | 4 ++--
5 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/conf.c b/conf.c
index 84ae12b2..ceb9aa55 100644
--- a/conf.c
+++ b/conf.c
@@ -1159,7 +1159,9 @@ static void conf_print(const struct ctx *c)
buf4, sizeof(buf4)));
}
- for (i = 0; !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns[i]); i++) {
+ for (i = 0; i < ARRAY_SIZE(c->ip4.dns); i++) {
+ if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns[i]))
+ break;
if (!i)
info("DNS:");
inet_ntop(AF_INET, &c->ip4.dns[i], buf4, sizeof(buf4));
@@ -1197,7 +1199,9 @@ static void conf_print(const struct ctx *c)
buf6, sizeof(buf6)));
dns6:
- for (i = 0; !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[i]); i++) {
+ for (i = 0; i < ARRAY_SIZE(c->ip6.dns); i++) {
+ if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[i]))
+ break;
if (!i)
info("DNS:");
inet_ntop(AF_INET6, &c->ip6.dns[i], buf6, sizeof(buf6));
diff --git a/dhcp.c b/dhcp.c
index 6b9c2e3b..1ff8cba9 100644
--- a/dhcp.c
+++ b/dhcp.c
@@ -430,7 +430,9 @@ int dhcp(const struct ctx *c, struct iov_tail *data)
}
for (i = 0, opts[6].slen = 0;
- !c->no_dhcp_dns && !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns[i]); i++) {
+ !c->no_dhcp_dns && i < ARRAY_SIZE(c->ip4.dns); i++) {
+ if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns[i]))
+ break;
((struct in_addr *)opts[6].s)[i] = c->ip4.dns[i];
opts[6].slen += sizeof(uint32_t);
}
diff --git a/dhcpv6.c b/dhcpv6.c
index e4df0db5..d94be23a 100644
--- a/dhcpv6.c
+++ b/dhcpv6.c
@@ -425,7 +425,9 @@ static size_t dhcpv6_dns_fill(const struct ctx *c, char *buf, int offset)
if (c->no_dhcp_dns)
goto search;
- for (i = 0; !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[i]); i++) {
+ for (i = 0; i < ARRAY_SIZE(c->ip6.dns); i++) {
+ if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[i]))
+ break;
if (!i) {
srv = (struct opt_dns_servers *)(buf + offset);
offset += sizeof(struct opt_hdr);
diff --git a/ndp.c b/ndp.c
index eb9e3139..1f2bcb0c 100644
--- a/ndp.c
+++ b/ndp.c
@@ -285,7 +285,9 @@ static void ndp_ra(const struct ctx *c, const struct in6_addr *dst)
size_t dns_s_len = 0;
int i, n;
- for (n = 0; !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[n]); n++);
+ for (n = 0; n < ARRAY_SIZE(c->ip6.dns); n++)
+ if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[n]))
+ break;
if (n) {
struct opt_rdnss *rdnss = (struct opt_rdnss *)ptr;
*rdnss = (struct opt_rdnss) {
diff --git a/passt.h b/passt.h
index 79d01ddb..87da76d3 100644
--- a/passt.h
+++ b/passt.h
@@ -91,7 +91,7 @@ struct ip4_ctx {
struct in_addr guest_gw;
struct in_addr map_host_loopback;
struct in_addr map_guest_addr;
- struct in_addr dns[MAXNS + 1];
+ struct in_addr dns[MAXNS];
struct in_addr dns_match;
struct in_addr our_tap_addr;
@@ -132,7 +132,7 @@ struct ip6_ctx {
struct in6_addr guest_gw;
struct in6_addr map_host_loopback;
struct in6_addr map_guest_addr;
- struct in6_addr dns[MAXNS + 1];
+ struct in6_addr dns[MAXNS];
struct in6_addr dns_match;
struct in6_addr our_tap_ll;
--
2.52.0
next prev parent reply other threads:[~2026-01-05 7:53 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-05 7:53 [PATCH 0/5] Fixes for Fedora 43 (or other bitrot) David Gibson
2026-01-05 7:53 ` [PATCH 1/5] util: Be more defensive about buffer overruns in read_file() David Gibson
2026-01-06 13:37 ` Laurent Vivier
2026-01-05 7:53 ` [PATCH 2/5] migrate: Don't use terminator element for versions[] array David Gibson
2026-01-06 13:43 ` Laurent Vivier
2026-01-06 13:47 ` Laurent Vivier
2026-01-07 0:10 ` David Gibson
2026-01-05 7:53 ` David Gibson [this message]
2026-01-06 13:53 ` [PATCH 3/5] treewide: Don't rely on terminator records in ip[46].dns arrays Laurent Vivier
2026-01-07 0:11 ` David Gibson
2026-01-05 7:53 ` [PATCH 4/5] test: Handle Operating System Command escapes in terminal output David Gibson
2026-01-06 14:07 ` Laurent Vivier
2026-01-05 7:53 ` [PATCH 5/5] test: Include sshd-auth in mbuto guest image David Gibson
2026-01-06 14:11 ` Laurent Vivier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260105075337.1724962-4-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).