Bug 1465646 - Fix Covscan detected programming errors
Summary: Fix Covscan detected programming errors
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: iproute
Version: 7.4-Alt
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Andrea Claudi
QA Contact: Jaroslav Aster
URL:
Whiteboard:
Duplicates: 1358787
Depends On:
Blocks: 1358787
Reported: 2017-06-27 20:34 UTC by Phil Sutter
Modified: 2019-08-06 12:54 UTC (History)

Fixed In Version: iproute-4.11.0-22.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-06 12:54:26 UTC
Target Upstream Version:
Embargoed:


Attachments
scan-results.err (218.44 KB, text/plain), 2017-06-27 20:34 UTC, Phil Sutter
stdout.log.gz (26.27 KB, application/x-gzip), 2017-06-27 20:34 UTC, Phil Sutter
scan results (227.69 KB, text/plain), 2017-11-08 15:38 UTC, Phil Sutter
stdout.log.gz (26.45 KB, application/x-gzip), 2017-11-08 15:39 UTC, Phil Sutter
scan results (233.16 KB, text/plain), 2017-11-10 10:46 UTC, Phil Sutter
stdout.log.gz (26.83 KB, application/x-gzip), 2017-11-10 10:47 UTC, Phil Sutter
scan results (234.08 KB, text/plain), 2017-12-06 13:38 UTC, Phil Sutter
stdout.log.gz (27.09 KB, application/x-gzip), 2017-12-06 13:38 UTC, Phil Sutter



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2019:2131 0 None None None 2019-08-06 12:54:48 UTC

Description Phil Sutter 2017-06-27 20:34:00 UTC
Created attachment 1292454 [details]
scan-results.err

Covscan found a large number of issues in the rebased code base. Since version 4.11.0 is fairly fresh, almost all of them will be consistent with upstream and therefore need to be fixed there, first.

Comment 2 Phil Sutter 2017-06-27 20:34:39 UTC
Created attachment 1292455 [details]
stdout.log.gz

Comment 3 Phil Sutter 2017-08-24 08:19:55 UTC
*** Bug 1358787 has been marked as a duplicate of this bug. ***

Comment 4 Phil Sutter 2017-10-04 20:24:15 UTC
After having converted the covscan report into a long series of patches and then worked them until Stephen Hemminger either accepted or explicitly refused, here is the list of commits I managed to get upstreamed:

[iproute PATCH v2 0/2] Covscan: Shell script fixes
2313b6bfe4f5e examples: Some shell fixes to cbq.init
1e3197e0fdbf2 ifcfg: Quote left-hand side of [ ] expression

[iproute PATCH v2 0/3] Covscan: Fixes for obvious programming mistakes
436270a45dea2 tipc/node: Fix socket fd check in cmd_node_get_addr()
58a15e6c7e7cb iproute_lwtunnel: Argument to strerror must be positive
08806fb0191e9 iproute_lwtunnel: csum_mode value checking was ineffective

[iproute PATCH v2 0/2] Covscan: Fix potential file descriptor leaks
4b45ae221e949 ss: Don't leak fd in tcp_show_netlink_file()
3e587d9f43891 tc/em_ipset: Don't leak sockfd on error path

[iproute PATCH v2 0/5] Covscan: Fix potential memory leaks
6ac5943bdd5ac ipvrf: Fix error path of vrf_switch()
35f6adefb8f9d ifstat: Fix memleak in error case
b530cef0e3bbd ifstat: Fix memleak in dump_kern_db() for json output
46131577cf1ba ss: Fix potential memleak in unix_stats_print()
be55416addf76 tipc/bearer: Fix resource leak in error path

[iproute PATCH v2 0/7] Covscan: Dead code elimination
8579a398c5ab0 devlink: No need for this self-assignment
2869262144271 ipntable: No need to check and assign to parms_rta
2a866256197f8 iproute: Fix for missing 'Oifs:' display
b3c5f84493d33 lib/rt_names: Drop dead code in rtnl_rttable_n2a()
44448a90eab34 ss: Skip useless check in parse_hostcond()
e469523e8e8d1 ss: Drop useless assignment
73aa988868e7e tc/m_gact: Drop dead code

[iproute PATCH v3 0/6] Covscan: Don't access garbage
d044ea3e784d1 ipaddress: Avoid accessing uninitialized variable lcl
258b7c0fa70c2 iplink_can: Prevent overstepping array bounds
b48a1161f5f9b ipmaddr: Avoid accessing uninitialized data
301826beb3baa ss: Use C99 initializer in netlink_show_one()
d304b05c12b3a netem/maketable: Check return value of fstat()
82ed9ffa2bb86 tc/q_multiq: Don't pass garbage in TCA_OPTIONS

[iproute PATCH v2 0/3] Covscan: Fix for missing error checking
7c66d89828a6e iproute: Check mark value input
84b6a3f4b5720 iplink_vrf: Complain if main table is not found
6e33f7b0f6e04 devlink: Check return code of strslashrsplit()

(forgotten patch when splitting into chunks)
c3724e4bc3a6c lib/bpf: Don't leak fp in bpf_find_mntpt()

[iproute PATCH v4 0/4] Covscan: Fix potential NULL pointer dereferences
6d02518fdc37e ifstat, nstat: Check fdopen() return value
a754de3ccd937 tc/q_netem: Don't dereference possibly NULL pointer
75716932a0af2 tc/tc_filter: Make sure filter name is not empty
70a6df3962b84 tipc/bearer: Prevent NULL pointer dereference

[iproute PATCH v4 0/6] Covscan: Fixes for string termination
45c2ec9e95fef ipntable: Avoid memory allocation for filter.name
eab450789829e lib/fs: Fix format string in find_fs_mount()
cfda500a7d808 lib/inet_proto: Review inet_proto_{a2n,n2a}()
bc27878d21909 lnstat_util: Simplify alloc_and_open() a bit
56270e54661e8 tc/m_xt: Fix for potential string buffer overflows
4b9e91782269f lib/ll_map: Choose size of new cache items at run-time

[iproute PATCH v3 0/6] Covscan: Misc fixes
4cbf5224f2b50 ss: Make struct tcpstat fields 'timer' and 'timeout' unsigned
0aa03350c00d7 ss: Make sure scanned index value to unix_state_map is sane
92963d136de8c netem/maketable: Check return value of fscanf()
b5c78e1b2c868 lib/bpf: Check return value of write()
ac3415f5c1b1d lib/fs: Fix and simplify make_path()
893deac4c43b5 lib/libnetlink: Don't pass NULL parameter to memcpy()

[iproute PATCH 0/6] strlcpy() and strlcat() for iproute2
8d15e012a3227 utils: Implement strlcpy() and strlcat()
18f156bfecda2 Convert the obvious cases to strlcpy()
532b8874fe545 Convert harmful calls to strncpy() to strlcpy()
44cc6c792a650 ipxfrm: Replace STRBUF_CAT macro with strlcat()
9376314b49a47 tc_util: No need to terminate an snprintf'ed buffer
bc4a57b87990b lnstat_util: Make sure buffer is NUL-terminated

(followup to previous series)
50ea3c64384b1 utils: strlcpy() and strlcat() don't clobber dst

[iproute PATCH v3 0/3] Check user supplied interface name lengths
26111ab1dba82 ip{6, }tunnel: Avoid copying user-supplied interface name around
ee474849c8511 tc: flower: No need to cache indev arg
625df645b703d Check user supplied interface name lengths
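
The string-termination, strlcpy() and interface-name series listed above address one defect class: `strncpy()` leaves the destination unterminated when the source fills the buffer, and an over-long user-supplied name is silently cut. The following is an added illustration, not code from iproute2 or from this bug; `copy_bounded()`, `strncpy_unterminated()` and `ifname_copy_checked()` are hypothetical names, and `EX_IFNAMSIZ` is defined locally with the Linux `IFNAMSIZ` value of 16.

```c
#include <stddef.h>
#include <string.h>

#define EX_IFNAMSIZ 16  /* same value as Linux IFNAMSIZ, local to this example */

/* strlcpy()-style copy under a hypothetical name: always NUL-terminates
 * when size > 0 and returns strlen(src), so truncation is detectable. */
static size_t copy_bounded(char *dst, const char *src, size_t size)
{
	size_t srclen = strlen(src);

	if (size > 0) {
		size_t n = srclen < size - 1 ? srclen : size - 1;

		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;
}

/* Returns 1 if strncpy() left buf without a terminating NUL. */
static int strncpy_unterminated(const char *src)
{
	char buf[EX_IFNAMSIZ];

	memset(buf, 'X', sizeof(buf));  /* simulate stale stack contents */
	strncpy(buf, src, sizeof(buf));
	return memchr(buf, '\0', sizeof(buf)) == NULL;
}

/* Reject empty or over-long names instead of silently truncating them. */
static int ifname_copy_checked(char *dst, const char *name)
{
	if (name[0] == '\0')
		return -1;
	if (copy_bounded(dst, name, EX_IFNAMSIZ) >= EX_IFNAMSIZ)
		return -1;              /* would not fit together with its NUL */
	return 0;
}

int main(void)
{
	char ifname[EX_IFNAMSIZ];
	/* constructed sample inputs: a 4-character and a 16-character name */
	return !(ifname_copy_checked(ifname, "eth0") == 0 &&
		 ifname_copy_checked(ifname, "averylongifname0") == -1 &&
		 strncpy_unterminated("averylongifname0") == 1);
}
```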

Comment 5 Phil Sutter 2017-11-08 15:38:44 UTC
Created attachment 1349485 [details]
scan results

Comment 6 Phil Sutter 2017-11-08 15:39:20 UTC
Created attachment 1349486 [details]
stdout.log.gz

Comment 7 Kamil Dudka 2017-11-08 18:01:33 UTC
Awesome.  Thank you for getting all the fixes upstream!

Comment 8 Phil Sutter 2017-11-09 11:33:39 UTC
(In reply to Kamil Dudka from comment #7)
> Awesome.  Thank you for getting all the fixes upstream!

Thanks! Sadly, this is a moving target.

Comment 9 Phil Sutter 2017-11-10 10:46:59 UTC
Created attachment 1350410 [details]
scan results

Comment 10 Phil Sutter 2017-11-10 10:47:32 UTC
Created attachment 1350411 [details]
stdout.log.gz

Comment 11 Phil Sutter 2017-12-06 13:38:08 UTC
Created attachment 1363675 [details]
scan results

Comment 12 Phil Sutter 2017-12-06 13:38:43 UTC
Created attachment 1363677 [details]
stdout.log.gz

Comment 16 Andrea Claudi 2019-04-30 08:35:26 UTC
Covscan run on iproute-4.11.0-21.el7 detects the following problem:

iproute-4.11.0-0.el7/lib/bpf.c:489: leaked_handle: Handle variable "fd" going out of scope leaks the handle.

This is introduced by backporting the patches above.

Backport of commit 1b736dc469dca ("bpf: minor cleanups for bpf_trace_pipe") should solve the issue.
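
The `leaked_handle` finding above is the same defect class as the file descriptor leak series in comment 4: an early return on an error path skips `close()`. The following is an added illustration, not the code at lib/bpf.c:489 and not from iproute2; all function names are hypothetical, and it reads `/dev/null` so that `read()` returns 0 and the error path is taken.

```c
#include <fcntl.h>
#include <unistd.h>

/* Reads the first byte of a file; the error path returns without close(). */
static int first_byte_leaky(const char *path, char *out)
{
	int fd = open(path, O_RDONLY);

	if (fd < 0)
		return -1;
	if (read(fd, out, 1) != 1)
		return -1;      /* leaked_handle: fd goes out of scope here */
	close(fd);
	return 0;
}

/* Same logic with one exit path, so the handle is always released. */
static int first_byte_fixed(const char *path, char *out)
{
	int ret = -1;
	int fd = open(path, O_RDONLY);

	if (fd < 0)
		return -1;
	if (read(fd, out, 1) == 1)
		ret = 0;
	close(fd);              /* reached on success and on error */
	return ret;
}

/* Counts descriptors left open by one call: open() returns the lowest
 * free fd, so a leak shifts the number handed out by the next open(). */
static int fds_leaked_by(int (*fn)(const char *, char *))
{
	char c;
	int before = open("/dev/null", O_RDONLY), after;

	close(before);
	fn("/dev/null", &c);    /* read() hits EOF, so the error path runs */
	after = open("/dev/null", O_RDONLY);
	close(after);
	return after - before;
}

int main(void)
{
	return !(fds_leaked_by(first_byte_fixed) == 0 &&
		 fds_leaked_by(first_byte_leaky) == 1);
}
```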

Comment 19 errata-xmlrpc 2019-08-06 12:54:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:2131

