Bug 1465646
| Summary: | Fix Covscan detected programming errors | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Phil Sutter <psutter> |
| Component: | iproute | Assignee: | Andrea Claudi <aclaudi> |
| Status: | CLOSED ERRATA | QA Contact: | Jaroslav Aster <jaster> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.4-Alt | CC: | aclaudi, aloughla, atragler, jaster, jmaxwell, kdudka, rkhan, sukulkar |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | iproute-4.11.0-22.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-08-06 12:54:26 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1358787 | | |
| Attachments: | | | |

Created attachment 1292455 [details]
stdout.log.gz
*** Bug 1358787 has been marked as a duplicate of this bug. ***

After having converted the covscan report into a long series of patches and then worked them until Stephen Hemminger either accepted or explicitly refused, here is the list of commits I managed to get upstreamed:
[iproute PATCH v2 0/2] Covscan: Shell script fixes
2313b6bfe4f5e examples: Some shell fixes to cbq.init
1e3197e0fdbf2 ifcfg: Quote left-hand side of [ ] expression
[iproute PATCH v2 0/3] Covscan: Fixes for obvious programming mistakes
436270a45dea2 tipc/node: Fix socket fd check in cmd_node_get_addr()
58a15e6c7e7cb iproute_lwtunnel: Argument to strerror must be positive
08806fb0191e9 iproute_lwtunnel: csum_mode value checking was ineffective
[iproute PATCH v2 0/2] Covscan: Fix potential file descriptor leaks
4b45ae221e949 ss: Don't leak fd in tcp_show_netlink_file()
3e587d9f43891 tc/em_ipset: Don't leak sockfd on error path
[iproute PATCH v2 0/5] Covscan: Fix potential memory leaks
6ac5943bdd5ac ipvrf: Fix error path of vrf_switch()
35f6adefb8f9d ifstat: Fix memleak in error case
b530cef0e3bbd ifstat: Fix memleak in dump_kern_db() for json output
46131577cf1ba ss: Fix potential memleak in unix_stats_print()
be55416addf76 tipc/bearer: Fix resource leak in error path
[iproute PATCH v2 0/7] Covscan: Dead code elimination
8579a398c5ab0 devlink: No need for this self-assignment
2869262144271 ipntable: No need to check and assign to parms_rta
2a866256197f8 iproute: Fix for missing 'Oifs:' display
b3c5f84493d33 lib/rt_names: Drop dead code in rtnl_rttable_n2a()
44448a90eab34 ss: Skip useless check in parse_hostcond()
e469523e8e8d1 ss: Drop useless assignment
73aa988868e7e tc/m_gact: Drop dead code
[iproute PATCH v3 0/6] Covscan: Don't access garbage
d044ea3e784d1 ipaddress: Avoid accessing uninitialized variable lcl
258b7c0fa70c2 iplink_can: Prevent overstepping array bounds
b48a1161f5f9b ipmaddr: Avoid accessing uninitialized data
301826beb3baa ss: Use C99 initializer in netlink_show_one()
d304b05c12b3a netem/maketable: Check return value of fstat()
82ed9ffa2bb86 tc/q_multiq: Don't pass garbage in TCA_OPTIONS
[iproute PATCH v2 0/3] Covscan: Fix for missing error checking
7c66d89828a6e iproute: Check mark value input
84b6a3f4b5720 iplink_vrf: Complain if main table is not found
6e33f7b0f6e04 devlink: Check return code of strslashrsplit()
(forgotten patch when splitting into chunks)
c3724e4bc3a6c lib/bpf: Don't leak fp in bpf_find_mntpt()
[iproute PATCH v4 0/4] Covscan: Fix potential NULL pointer dereferences
6d02518fdc37e ifstat, nstat: Check fdopen() return value
a754de3ccd937 tc/q_netem: Don't dereference possibly NULL pointer
75716932a0af2 tc/tc_filter: Make sure filter name is not empty
70a6df3962b84 tipc/bearer: Prevent NULL pointer dereference
[iproute PATCH v4 0/6] Covscan: Fixes for string termination
45c2ec9e95fef ipntable: Avoid memory allocation for filter.name
eab450789829e lib/fs: Fix format string in find_fs_mount()
cfda500a7d808 lib/inet_proto: Review inet_proto_{a2n,n2a}()
bc27878d21909 lnstat_util: Simplify alloc_and_open() a bit
56270e54661e8 tc/m_xt: Fix for potential string buffer overflows
4b9e91782269f lib/ll_map: Choose size of new cache items at run-time
[iproute PATCH v3 0/6] Covscan: Misc fixes
4cbf5224f2b50 ss: Make struct tcpstat fields 'timer' and 'timeout' unsigned
0aa03350c00d7 ss: Make sure scanned index value to unix_state_map is sane
92963d136de8c netem/maketable: Check return value of fscanf()
b5c78e1b2c868 lib/bpf: Check return value of write()
ac3415f5c1b1d lib/fs: Fix and simplify make_path()
893deac4c43b5 lib/libnetlink: Don't pass NULL parameter to memcpy()
[iproute PATCH 0/6] strlcpy() and strlcat() for iproute2
8d15e012a3227 utils: Implement strlcpy() and strlcat()
18f156bfecda2 Convert the obvious cases to strlcpy()
532b8874fe545 Convert harmful calls to strncpy() to strlcpy()
44cc6c792a650 ipxfrm: Replace STRBUF_CAT macro with strlcat()
9376314b49a47 tc_util: No need to terminate an snprintf'ed buffer
bc4a57b87990b lnstat_util: Make sure buffer is NUL-terminated
(followup to previous series)
50ea3c64384b1 utils: strlcpy() and strlcat() don't clobber dst
[iproute PATCH v3 0/3] Check user supplied interface name lengths
26111ab1dba82 ip{6, }tunnel: Avoid copying user-supplied interface name around
ee474849c8511 tc: flower: No need to cache indev arg
625df645b703d Check user supplied interface name lengths
Created attachment 1349485 [details]
scan results
Created attachment 1349486 [details]
stdout.log.gz
Awesome. Thank you for getting all the fixes upstream!

(In reply to Kamil Dudka from comment #7)
> Awesome. Thank you for getting all the fixes upstream!

Thanks! Sadly, this is a moving target.

Created attachment 1350410 [details]
scan results
Created attachment 1350411 [details]
stdout.log.gz
Created attachment 1363675 [details]
scan results
Created attachment 1363677 [details]
stdout.log.gz
Covscan run on iproute-4.11.0-21.el7 detects the following problem:
iproute-4.11.0-0.el7/lib/bpf.c:489: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
This is introduced by backporting the patches above.
Backport of commit 1b736dc469dca ("bpf: minor cleanups for bpf_trace_pipe") should solve the issue.
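
The general shape of a `leaked_handle` finding like the one quoted above, as an added example that is not iproute2's `lib/bpf.c` code: an early error return inside a loop skips `close()`, and the fix routes every path through one exit. The names `copy_leaky`, `copy_fixed` and `lowest_free_fd` are hypothetical.

```c
/* Constructed example, not project code: error return that leaks an fd. */
#include <fcntl.h>
#include <unistd.h>

/* Leaky shape: the early return on a failed write() skips close(fd). */
int copy_leaky(const char *src, int out)
{
	char buf[4096];
	ssize_t n;
	int fd = open(src, O_RDONLY);
	if (fd < 0)
		return -1;
	while ((n = read(fd, buf, sizeof(buf))) > 0) {
		if (write(out, buf, n) != n)
			return -1;	/* leaked_handle: fd goes out of scope */
	}
	close(fd);
	return n < 0 ? -1 : 0;
}

/* Fixed shape: every path after a successful open() reaches close(fd). */
int copy_fixed(const char *src, int out)
{
	char buf[4096];
	ssize_t n;
	int ret = 0;
	int fd = open(src, O_RDONLY);
	if (fd < 0)
		return -1;
	while ((n = read(fd, buf, sizeof(buf))) > 0) {
		if (write(out, buf, n) != n) {
			ret = -1;	/* record the failure, then fall through */
			break;
		}
	}
	if (n < 0)
		ret = -1;
	close(fd);
	return ret;
}

/* Lowest free descriptor number; it rises once an earlier call has leaked. */
int lowest_free_fd(void)
{
	int fd = open("/dev/null", O_RDONLY);
	if (fd >= 0)
		close(fd);
	return fd;
}
```

Passing an invalid output descriptor such as `-1` forces the `write()` failure path, which is where the two functions differ.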
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:2131
Created attachment 1292454 [details]
scan-results.err

Covscan found a large number of issues in rebased code base. Since version 4.11.0 is fairly fresh, almost all of them will be consistent with upstream and therefore need to be fixed there, first.