[lxc-devel] [lxc/master] Coverity fixes for veth vlan

tomponline on Github lxc-bot at linuxcontainers.org
Tue Jun 9 11:08:04 UTC 2020


From 4e61b19d62ea7e9d4d2c11b863701b75e24c6ad9 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 9 Jun 2020 12:01:41 +0100
Subject: [PATCH 1/3] confile: Fix coverity issue, missing return in
 get_config_net_veth_vlan_tagged_id

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 src/lxc/confile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 3ee2e8847a..68403e65e0 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -5906,7 +5906,7 @@ static int get_config_net_veth_vlan_tagged_id(const char *key, char *retv, int i
 	struct lxc_netdev *netdev = data;
 
 	if (!netdev)
-		ret_errno(EINVAL);
+		return ret_errno(EINVAL);
 
 	if (netdev->type != LXC_NET_VETH)
 		return 0;

From 785e15403e7a004a285686342e6d4b973e278803 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 9 Jun 2020 12:03:06 +0100
Subject: [PATCH 2/3] network: Fix coverity issue, leaking data in
 lxc_ovs_setup_bridge_vlan_exec

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 src/lxc/network.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 2ff053ecae..9691ec94a0 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -433,11 +433,14 @@ struct ovs_veth_vlan_args {
 static int lxc_ovs_setup_bridge_vlan_exec(void *data)
 {
 	struct ovs_veth_vlan_args *args = data;
-	const char *vlan_mode = "", *tag = "", *trunks = "";
+       __do_free char *vlan_mode = NULL, *tag = NULL, *trunks = NULL;
+
+	if (!args->vlan_mode)
+		return ret_errno(EINVAL);
 
 	vlan_mode = must_concat(NULL, "vlan_mode=", args->vlan_mode, (char *)NULL);
 
-	if (args->vlan_id >= 0) {
+	if (args->vlan_id > BRIDGE_VLAN_NONE) {
 		char buf[5];
 		int rc;
 
@@ -449,15 +452,15 @@ static int lxc_ovs_setup_bridge_vlan_exec(void *data)
 	}
 
 
-	if (strcmp(args->trunks, "") != 0)
+	if (args->trunks)
 		trunks = must_concat(NULL, "trunks=", args->trunks, (char *)NULL);
 
 	/* Detect the combination of vlan_id and trunks specified and convert to ovs-vsctl command. */
-	if (strcmp(tag, "") != 0 && strcmp(trunks, "") != 0)
+	if (tag && trunks)
 		execlp("ovs-vsctl", "ovs-vsctl", "set", "port", args->nic, vlan_mode, tag, trunks, (char *)NULL);
-	else if (strcmp(tag, "") != 0)
+	else if (tag)
 		execlp("ovs-vsctl", "ovs-vsctl", "set", "port", args->nic, vlan_mode, tag, (char *)NULL);
-	else if (strcmp(trunks, "") != 0)
+	else if (trunks)
 		execlp("ovs-vsctl", "ovs-vsctl", "set", "port", args->nic, vlan_mode, trunks, (char *)NULL);
 	else
 		return -EINVAL;
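Review bot: The final `else` branch still ends in `return -EINVAL;`, while the guard this patch adds at the top of lxc_ovs_setup_bridge_vlan_exec uses `return ret_errno(EINVAL);`, so the function's two invalid-argument exits report the error differently. Using `return ret_errno(EINVAL);` in the `else` as well would keep them consistent, assuming ret_errno also sets errno, which is not visible here. The added `__do_free char *vlan_mode = NULL, ...` declaration in the previous hunk is indented with spaces where the neighbouring lines use a tab. The function body continues past this hunk, so what happens after a failed execlp() is not visible.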

From 1ee07848e7cbfb9b0673167e8f40f20082e398b1 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 9 Jun 2020 12:03:40 +0100
Subject: [PATCH 3/3] network: Fix coverity issue, dont initialise string
 pointers in setup_veth_ovs_bridge_vlan

This is needed by lxc_ovs_setup_bridge_vlan_exec.

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 src/lxc/network.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 9691ec94a0..84bfb6b390 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -473,9 +473,9 @@ static int setup_veth_ovs_bridge_vlan(char *veth1, struct lxc_netdev *netdev)
 	int taggedLength = lxc_list_len(&netdev->priv.veth_attr.vlan_tagged_ids);
 	struct ovs_veth_vlan_args args;
 	args.nic = veth1;
-	args.vlan_mode = "";
-	args.vlan_id = -1;
-	args.trunks = "";
+	args.vlan_mode = NULL;
+	args.vlan_id = BRIDGE_VLAN_NONE;
+	args.trunks = NULL;
 
 	/* Skip setup if no VLAN options are specified. */
 	if (!netdev->priv.veth_attr.vlan_id_set && taggedLength <= 0)
@@ -515,11 +515,14 @@ static int setup_veth_ovs_bridge_vlan(char *veth1, struct lxc_netdev *netdev)
 			if (rc < 0 || (size_t)rc >= sizeof(buf))
 				return log_error_errno(-1, EINVAL, "Failed to parse tagged vlan \"%u\" for interface \"%s\"", vlan_id, veth1);
 
-			args.trunks = must_concat(NULL, args.trunks, buf, ",", (char *)NULL);
+			if (args.trunks)
+				args.trunks = must_concat(NULL, args.trunks, buf, ",", (char *)NULL);
+			else
+				args.trunks = must_concat(NULL, buf, ",", (char *)NULL);
 		}
 	}
 
-	if (strcmp(args.vlan_mode, "") != 0) {
+	if (args.vlan_mode) {
 		int ret;
 		char cmd_output[PATH_MAX];
 
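Review bot: The loop that builds `args.trunks` still overwrites the pointer with each `must_concat()` result, so every earlier string is dropped without being freed, and the `return log_error_errno(...)` just above exits with whatever has been accumulated so far. This assumes must_concat() returns a fresh heap allocation, which its pairing with `__do_free` in lxc_ovs_setup_bridge_vlan_exec suggests. Accumulating into a local `__do_free char *trunks = NULL;` and replacing it each iteration with `char *tmp = must_concat(NULL, trunks, buf, ",", (char *)NULL); free(trunks); trunks = tmp;` (keeping the first-iteration branch), then setting `args.trunks = trunks;` after the loop, would release the string on every exit path. The loop header and the end of setup_veth_ovs_bridge_vlan lie outside this hunk, so confirm that no later free already covers the final value.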

