On Wed, Sep 21, 2022 at 10:55:03PM +0200, Stefano Brivio wrote:
> Reported by Coverity (CWE-119):
> 
> 	Negative value used as argument to a function expecting a
> 	positive value (for example, size of buffer or allocation)
> 
> and harmless, because getsockopt() would return -EBADF if the
> socket is -1, so we wouldn't print anything.
> 
> Check if accept4() returns a valid socket before calling getsockopt()
> on it.
> 
> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>

Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au>

> ---
>  tap.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/tap.c b/tap.c
> index 3231da7..4d7422f 100644
> --- a/tap.c
> +++ b/tap.c
> @@ -872,11 +872,13 @@ static void tap_sock_unix_new(struct ctx *c)
>  		int discard = accept4(c->fd_tap_listen, NULL, NULL,
>  				      SOCK_NONBLOCK);
>  
> +		if (discard == -1)
> +			return;
> +
>  		if (!getsockopt(discard, SOL_SOCKET, SO_PEERCRED, &ucred, &len))
>  			info("discarding connection from PID %i", ucred.pid);
>  
> -		if (discard != -1)
> -			close(discard);
> +		close(discard);
>  
>  		return;
>  	}

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson