From: Jorge Boncompte <jbonor@gmail.com>
Date: Thu, 10 Aug 2017 19:21:14 +0000 (+0200)
Subject: nhrpd: fix issues found by coverity
X-Git-Tag: frr-4.0-dev~424^2~1
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=6c8ca260505bf1d96c87371ad71278576345bb5c;p=mirror%2Ffrr.git

nhrpd: fix issues found by coverity

Signed-off-by: Jorge Boncompte <jbonor@gmail.com>
---

diff --git a/nhrpd/linux.c b/nhrpd/linux.c
index 75a16eab37..88804a87d6 100644
--- a/nhrpd/linux.c
+++ b/nhrpd/linux.c
@@ -105,7 +105,7 @@ static int linux_configure_arp(const char *iface, int on)
 {
 	struct ifreq ifr;
 
-	strncpy(ifr.ifr_name, iface, IFNAMSIZ);
+	strncpy(ifr.ifr_name, iface, IFNAMSIZ - 1);
 	if (ioctl(nhrp_socket_fd, SIOCGIFFLAGS, &ifr))
 		return -1;
 
diff --git a/nhrpd/netlink.h b/nhrpd/netlink.h
index f05596ba1b..e8dc22adf0 100644
--- a/nhrpd/netlink.h
+++ b/nhrpd/netlink.h
@@ -15,7 +15,7 @@ struct interface;
 extern int netlink_nflog_group;
 extern int netlink_req_fd;
 
-int netlink_init(void);
+void netlink_init(void);
 int netlink_configure_arp(unsigned int ifindex, int pf);
 void netlink_update_binding(struct interface *ifp, union sockunion *proto, union sockunion *nbma);
 void netlink_set_nflog_group(int nlgroup);
diff --git a/nhrpd/netlink_arp.c b/nhrpd/netlink_arp.c
index 2b222e3c5c..425526cede 100644
--- a/nhrpd/netlink_arp.c
+++ b/nhrpd/netlink_arp.c
@@ -230,20 +230,27 @@ void netlink_set_nflog_group(int nlgroup)
 	netlink_nflog_group = nlgroup;
 	if (nlgroup) {
 		netlink_log_fd = znl_open(NETLINK_NETFILTER,  0);
+		if (netlink_log_fd < 0)
+			return;
+
 		netlink_log_register(netlink_log_fd, nlgroup);
 		thread_add_read(master, netlink_log_recv, 0, netlink_log_fd,
 				&netlink_log_thread);
 	}
 }
 
-int netlink_init(void)
+void netlink_init(void)
 {
 	netlink_req_fd = znl_open(NETLINK_ROUTE, 0);
+	if (netlink_req_fd < 0)
+		return;
+
 	netlink_listen_fd = znl_open(NETLINK_ROUTE, RTMGRP_NEIGH);
+	if (netlink_listen_fd < 0)
+		return;
+
 	thread_add_read(master, netlink_route_recv, 0, netlink_listen_fd,
 			NULL);
-
-	return 0;
 }
 
 int netlink_configure_arp(unsigned int ifindex, int pf)
diff --git a/nhrpd/nhrp_event.c b/nhrpd/nhrp_event.c
index 8a3f820f76..4ee58a43e5 100644
--- a/nhrpd/nhrp_event.c
+++ b/nhrpd/nhrp_event.c
@@ -59,8 +59,10 @@ static void evmgr_recv_message(struct event_manager *evmgr, struct zbuf *zb)
 		buf[len] = 0;
 
 		debugf(NHRP_DEBUG_EVENT, "evmgr: msg: %s", buf);
-		sscanf(buf, "eventid=%d", &eventid);
-		sscanf(buf, "result=%63s", result);
+		if (sscanf(buf, "eventid=%d", &eventid) != 1)
+			continue;
+		if (sscanf(buf, "result=%63s", result) != 1)
+			continue;
 	}
 	debugf(NHRP_DEBUG_EVENT, "evmgr: received: eventid=%d result=%s", eventid, result);
 	if (eventid && result[0]) {
diff --git a/nhrpd/nhrp_peer.c b/nhrpd/nhrp_peer.c
index f1cf62a598..4ee9afbd54 100644
--- a/nhrpd/nhrp_peer.c
+++ b/nhrpd/nhrp_peer.c
@@ -598,6 +598,10 @@ static struct {
 	const char *name;
 	void (*handler)(struct nhrp_packet_parser *);
 } packet_types[] = {
+	[0] = {
+		.type = PACKET_UNKNOWN,
+		.name = "UNKNOWN",
+	},
 	[NHRP_PACKET_RESOLUTION_REQUEST] = {
 		.type = PACKET_REQUEST,
 		.name = "Resolution-Request",
@@ -797,7 +801,7 @@ void nhrp_peer_recv(struct nhrp_peer *p, struct zbuf *zb)
 
 	nbma_afi = htons(hdr->afnum);
 	proto_afi = proto2afi(htons(hdr->protocol_type));
-	if (hdr->type > ZEBRA_NUM_OF(packet_types) ||
+	if (hdr->type > NHRP_PACKET_MAX ||
 	    hdr->version != NHRP_VERSION_RFC2332 ||
 	    nbma_afi >= AFI_MAX || proto_afi == AF_UNSPEC ||
 	    packet_types[hdr->type].type == PACKET_UNKNOWN ||
diff --git a/nhrpd/nhrp_protocol.h b/nhrpd/nhrp_protocol.h
index a4bc9fa6ba..d5f120ea0b 100644
--- a/nhrpd/nhrp_protocol.h
+++ b/nhrpd/nhrp_protocol.h
@@ -26,6 +26,7 @@
 #define NHRP_PACKET_PURGE_REPLY			6
 #define NHRP_PACKET_ERROR_INDICATION		7
 #define NHRP_PACKET_TRAFFIC_INDICATION		8
+#define NHRP_PACKET_MAX				8
 
 /* NHRP Extension Types */
 #define NHRP_EXTENSION_FLAG_COMPULSORY		0x8000
diff --git a/nhrpd/nhrp_vty.c b/nhrpd/nhrp_vty.c
index ae5bd6e23e..20ef17de00 100644
--- a/nhrpd/nhrp_vty.c
+++ b/nhrpd/nhrp_vty.c
@@ -74,7 +74,7 @@ static int nhrp_vty_return(struct vty *vty, int ret)
 	if (ret == NHRP_OK)
 		return CMD_SUCCESS;
 
-	if (ret > 0 && ret <= (int)ZEBRA_NUM_OF(errmsgs))
+	if (ret > 0 && ret <= NHRP_ERR_MAX)
 		if (errmsgs[ret])
 			str = errmsgs[ret];
 
diff --git a/nhrpd/nhrpd.h b/nhrpd/nhrpd.h
index 9a4f26d577..3071371969 100644
--- a/nhrpd/nhrpd.h
+++ b/nhrpd/nhrpd.h
@@ -35,7 +35,9 @@ enum {
 	NHRP_ERR_ENTRY_EXISTS,
 	NHRP_ERR_ENTRY_NOT_FOUND,
 	NHRP_ERR_PROTOCOL_ADDRESS_MISMATCH,
+	__NHRP_ERR_MAX
 };
+#define NHRP_ERR_MAX		(__NHRP_ERR_MAX - 1)
 
 struct notifier_block;
 
diff --git a/nhrpd/vici.c b/nhrpd/vici.c
index 18faca2d5a..a6d835562f 100644
--- a/nhrpd/vici.c
+++ b/nhrpd/vici.c
@@ -182,7 +182,8 @@ static void parse_sa_message(
 		case 'l':
 			if (blob_equal(key, "local-host") && ctx->nsections == 1) {
 				if (blob2buf(val, buf, sizeof(buf)))
-					str2sockunion(buf, &sactx->local.host);
+					if (str2sockunion(buf, &sactx->local.host) < 0)
+						zlog_err("VICI: bad strongSwan local-host: %s", buf);
 			} else if (blob_equal(key, "local-id") && ctx->nsections == 1) {
 				sactx->local.id = *val;
 			} else if (blob_equal(key, "local-cert-data") && ctx->nsections == 1) {
@@ -192,7 +193,8 @@ static void parse_sa_message(
 		case 'r':
 			if (blob_equal(key, "remote-host") && ctx->nsections == 1) {
 				if (blob2buf(val, buf, sizeof(buf)))
-					str2sockunion(buf, &sactx->remote.host);
+					if (str2sockunion(buf, &sactx->remote.host) < 0)
+						zlog_err("VICI: bad strongSwan remote-host: %s", buf);
 			} else if (blob_equal(key, "remote-id") && ctx->nsections == 1) {
 				sactx->remote.id = *val;
 			} else if (blob_equal(key, "remote-cert-data") && ctx->nsections == 1) {
@@ -261,6 +263,7 @@ static void vici_recv_message(struct vici_conn *vici, struct zbuf *msg)
 	uint32_t msglen;
 	uint8_t msgtype;
 	struct blob name;
+	struct vici_message_ctx ctx;
 
 	msglen = zbuf_get_be32(msg);
 	msgtype = zbuf_get8(msg);
@@ -283,7 +286,7 @@ static void vici_recv_message(struct vici_conn *vici, struct zbuf *msg)
 			vici_recv_sa(vici, msg, 2);
 		break;
 	case VICI_CMD_RESPONSE:
-		vici_parse_message(vici, msg, parse_cmd_response, 0);
+		vici_parse_message(vici, msg, parse_cmd_response, &ctx);
 		break;
 	case VICI_EVENT_UNKNOWN:
 	case VICI_CMD_UNKNOWN:
@@ -381,8 +384,6 @@ static void vici_submit_request(struct vici_conn *vici, const char *name, ...)
 			zbuf_put_be16(obuf, len);
 			zbuf_put(obuf, va_arg(va, void *), len);
 			break;
-		case VICI_END:
-			break;
 		default:
 			break;
 		}
@@ -491,7 +492,7 @@ int sock_open_unix(const char *path)
 
 	memset(&addr, 0, sizeof (struct sockaddr_un));
 	addr.sun_family = AF_UNIX;
-	strncpy(addr.sun_path, path, strlen (path));
+	strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
 
 	ret = connect(fd, (struct sockaddr *) &addr, sizeof(addr.sun_family) + strlen(addr.sun_path));
 	if (ret < 0) {
@@ -499,7 +500,11 @@ int sock_open_unix(const char *path)
 		return -1;
 	}
 
-	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
+	ret = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
+	if (ret < 0) {
+		close(fd);
+		return -1;
+	}
 
 	return fd;
 }
diff --git a/nhrpd/znl.c b/nhrpd/znl.c
index 2216d97eb8..5e9864c4d8 100644
--- a/nhrpd/znl.c
+++ b/nhrpd/znl.c
@@ -141,8 +141,10 @@ int znl_open(int protocol, int groups)
 	if (fd < 0)
 		return -1;
 
-	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
-	fcntl(fd, F_SETFD, FD_CLOEXEC);
+	if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK) < 0)
+		goto error;
+	if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)
+		goto error;
 	if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &buf, sizeof(buf)) < 0)
 		goto error;