Age | Commit message (Collapse) | Author |
|
While at it, avoid global variables.
Coverity also warned at this place, though the warning from
coverity was bogus:
Error: STRING_OVERFLOW (CWE-120):
libnl-3.6.0/src/nl-pktloc-lookup.c:72: fixed_size_dest: You might overrun the 16-character fixed-size string "buf" by copying "align_txt[loc->align]" without checking the length.
# 70|···
# 71| if (loc->align <= 4)
# 72|-> strcpy(buf, align_txt[loc->align]);
# 73| else
# 74| snprintf(buf, sizeof(buf), "%u", loc->align);
|
|
Error: SIZEOF_MISMATCH (CWE-398):
libnl-3.6.0/lib/route/link/sriov.c:125: suspicious_sizeof: Passing argument "dst_vlan_info" of type "nl_vf_vlan_info_t *" and argument "dst_vlans->size * 8UL /* sizeof (dst_vlan_info) */"
libnl-3.6.0/lib/route/link/sriov.c:125: remediation: Did you intend to use "sizeof (*dst_vlan_info)" instead of "sizeof (dst_vlan_info)"?
# 123| dst_vlan_info = dst_vlans->vlans;
# 124| memcpy(dst_vlans, src_vlans, sizeof(nl_vf_vlans_t));
# 125|-> memcpy(dst_vlan_info, src_vlan_info,
# 126| dst_vlans->size * sizeof(dst_vlan_info));
# 127| d_vf->vf_vlans = dst_vlans;
Fixes: a59cab6d0b0f ('lib/route: SRIOV Clone Support')
|
|
This was wrong. Also, coverity warns about the trailing % in the format
string.
Error: PRINTF_ARGS (CWE-475):
libnl-3.6.0/lib/route/qdisc/netem.c:164: format_error: Format string ended in the middle of specifier "%".
# 162|···
# 163| if (netem->qnm_mask & SCH_NETEM_ATTR_DELAY_CORR && netem->qnm_corr.nmc_delay > 0)
# 164|-> nl_dump(p, " %d%", netem->qnm_corr.nmc_delay);
# 165| }
# 166| }
|
|
The if statement was wrong and always true. Drop it,
the remaining code handles the cases of no flags already
correctly.
Error: DEADCODE (CWE-561):
libnl-3.6.0/lib/route/cls/u32.c:361: dead_error_condition: The condition "!(u->cu_mask & 0)" must be true.
libnl-3.6.0/lib/route/cls/u32.c:366: dead_error_line: Execution cannot reach this statement: "if (!(u->cu_mask & 0x20)) {...".
# 364| }
# 365|···
# 366|-> if (!(u->cu_mask & U32_ATTR_SELECTOR)) {
# 367| nl_dump(p, "no-selector");
# 368| } else {
|
|
CONSTANT_EXPRESSION_RESULT
Error: CONSTANT_EXPRESSION_RESULT (CWE-569):
libnl-3.6.0/lib/route/link/vrf.c:237: result_independent_of_operands: "id > RT_TABLE_MAX" is always false regardless of the values of its operands. This occurs as the logical operand of "i
# 235|···
# 236| IS_VRF_LINK_ASSERT(link);
# 237|-> if(id > VRF_TABLE_ID_MAX)
# 238| return -NLE_INVAL;
# 239|···
|
|
It's unclear to me, how to avoid this "leak". It's intentional, given the
existing API. Try to suppress the warning.
Error: RESOURCE_LEAK (CWE-772):
libnl-3.6.0/src/lib/utils.c:232: alloc_fn: Storage is returned from allocation function "dlopen".
libnl-3.6.0/src/lib/utils.c:232: var_assign: Assigning: "handle" = storage returned from "dlopen(path, 2)".
libnl-3.6.0/src/lib/utils.c:236: leaked_storage: Variable "handle" going out of scope leaks the storage it points to.
# 234| path, dlerror());
# 235| }
# 236|-> }
# 237| #else
# 238| nl_cli_fatal(ENOTSUP, "Unable to load module \"%s\": built without dynamic libraries support\n",
|
|
Coverity doesn't like this:
libnl-3.6.0/lib/route/link/ip6vti.c:209: invalid_type: Argument "ip6vti->remote" to format specifier "%#x" was expected to have type "unsigned int" but has type "struct in6_addr".
libnl-3.6.0/lib/route/link/ip6vti.c:201: invalid_type: Argument "ip6vti->local" to format specifier "%#x" was expected to have type "unsigned int" but has type "struct in6_addr".
libnl-3.6.0/lib/route/link/ip6gre.c:285: invalid_type: Argument "ip6gre->remote" to format specifier "%#x" was expected to have type "unsigned int" but has type "struct in6_addr".
libnl-3.6.0/lib/route/link/ip6gre.c:277: invalid_type: Argument "ip6gre->local" to format specifier "%#x" was expected to have type "unsigned int" but has type "struct in6_addr".
Coverity is right. But in practice, this code was unreachable
because there is no scenario when inet_ntop() will fail.
|
|
inet_ntop() is documented to fail, so we have various places
with pointless (and wrong) error checking. Well, it can fail
if we pass an unexpected address family (which we must not and
assert against that), or if we pass an invalid string buffer (which we
must not, and cannot meaningfully assert for that). So it can only fail
in case of a bug and there is no need for error checking.
Yes, libc could theoretically fail, but if it fails on such a function that
requires no memory allocation, then it really needs to be fixed.
|
|
I think the following warning is bogus. Still, warnings are annoying, so
let's try to workaround.
Error: CLANG_WARNING: [#def47]
libnl-3.6.0/lib/route/link.c:2566:11: warning[unix.Malloc]: Potential leak of memory pointed to by 'kind'
# 2564| if ( io->io_alloc
# 2565| && (err = io->io_alloc(link)) < 0)
# 2566|-> return err;
# 2567|
# 2568| link->l_info_ops = io;
|
|
Workaround coverity warnings like:
Error: CLANG_WARNING:
libnl-3.6.0/lib/netfilter/exp.c:428:7: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 426| }
# 427|···
# 428|-> if ((err = nfnl_exp_build_tuple(msg, exp, CTA_EXPECT_NAT)) < 0)
# 429| goto nla_put_failure;
# 430|···
|
|
Coverity says:
libnl-3.6.0/lib/route/mdb.c:198: check_return: Calling "nla_parse_nested" without checking return value (as is done elsewhere 43 out of 44 times).
|
|
|
|
Found by coverity:
libnl-3.6.0/lib/route/mdb.c:242: leaked_storage: Variable "entry" going out of scope leaks the storage it points to.
|
|
|
|
Found by coverity:
4. libnl-3.6.0/lib/route/mdb.c:198: overrun-buffer-arg: Overrunning array "db_attr" of 1 8-byte elements by passing it to a function which accesses it at element index 1 (byte offset 15) using argument "1".
Fixes: 0ec6c6c2f023 ('mdb: support bridge multicast database notification')
|
|
Seems this can happen, but we probably can just continue with the
unit test. Just ignore the error.
https://github.com/thom311/libnl/issues/308
|
|
|
|
|
|
|
|
|
|
"check-direct" needs to statically link with the libraries, because
it wants to test internal ABI, which is hidden in the share libraries.
When configuring with "--disable-static", static libs are not build
and the test tool cannot be build.
Just skip the test in that case.
https://github.com/thom311/libnl/issues/306
|
|
|
|
Fixes: d9dc6c20a360 ('ip6vti: Add IPv6 VTI support')
|
|
|
|
|
|
https://github.com/thom311/libnl/pull/305
|
|
The kernel bridge now support (permanent) forwarding of MAC multicast
using the MDB. Internally the kernel use AF_UNSPEC, but we remap this
here to AF_LLC for the benefit for nl_addrs.
To test, put `nl-monitor mdb` in the background. Then, with a bridge
and at least one port, run the following command:
# nl-monitor mdb &
# bridge mdb add dev br0 port eth0 grp 01:02:03:c0:ff:ee vid 1 permanent
dev 9
port 3 vid 1 proto 0x0000 address 01:02:03:c0:ff:ee
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
|
|
When using, e.g., nl-monitor to debug the bridge mdb the nl-monitor tool
did not dump anything. This change adds the missing stats dump callback
to rectify this issue, and also the details callback for completeness.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
|
|
When debugging subystemns in libnl it's rather handy to use nl-monitor.
This change adds support for setting the nl_debug level of libnl.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
|
|
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
|
|
The enum macsec_validation_type in the Linux Kernel has values 0-2.
With the existing check >1, value STRICT (2) cannot be set.
The check should be done against the end marker of the enum instead.
https://github.com/thom311/libnl/pull/304
|
|
Adds support for the new VLAN_FLAG_BRIDGE_BINDING, for VLAN interfaces
created on top of a VLAN aware bridge. For details, see the kernel
patch:
https://lore.kernel.org/netdev/20190418173535.22925-1-mmanning@vyatta.att-mail.com/
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
https://github.com/thom311/libnl/pull/303
|
|
In addition to gcc.
|
|
|
|
https://github.com/thom311/libnl/pull/301
|
|
nl_object_clone() first does a shallow copy using memcpy().
That is useful, because it can correctly copy simple fields
(like numbers). For pointer values, we need to implement
oo_clone() to fixup the pointers and get the deep-copy correct.
Now, oo_clone() must always follow through, to un-alias the copied
pointer. In particular also in the error case. The oo_clone()
implementations sometimes fail (with ENOMEM) and just return.
In those cases, we must make sure that we don't leave the wrong pointers
there. The pointers must be cleared first.
Otherwise, any failure (which basically are ENOMEM) leave the object
in an inconsistent state, and we double-free/use-after-free the
pointers.
|
|
nl_object_clone() first does a shallow copy, before calling
oo_clone() (link_clone()). That means, the pointer values
of the link object in link_clone() are invalid (as they alias
the pointers from the source object).
We need to get the ref-counting for dst->l_info_ops right.
It was not.
For example, previously when we called io_clone() handler, dst->l_info_ops
would still point to the one from src->l_info_ops, but without owning
the additional reference. Then we call io_clone(), for example
can_clone() for can devices. That one calls first rtnl_link_set_type(),
which first calls release_link_info() -- and unrefs the ops, without
having owned a reference.
Fix that, by getting the reference counting right, before calling
io_clone(). Arguably, we now do duplicate work. First taking a ref, then
calling rtnl_link_set_type() which releases and retakes the ref. But at
least, this way it's correct.
This probably did not cause issues before, because the entire
ref-counting is mostly useless anyway. It's only used for asserting
during rtnl_link_unregister_info() -- and then it checks that the ref
count is not positive (but we release too many references, not too few).
Anyway. *sigh*.
|
|
If the object has no complex data (pointers!), then the base
implementation using memcpy() is enough. No need to implement
oo_clone().
|
|
If an error happens (ENOMEM), we should leave the object in a consistent
state (e.g. setting log_msg_payload *and* log_msg_payload_len). Or even
better, don't modify it at all in the error case.
|
|
|
|
|
|
|
|
io_refcnt
|
|
We have a base-set of tools, under netlink-private. It should not be
necessary to include all the bits individually. Just drag this all in.
Only downside is that the compiler has more to parse.
|
|
https://github.com/thom311/libnl/pull/302
|
|
|
|
This suite has fixture/teardown which creates a new netns for the test.
No tests implemented yet.
|
|
We run the unit tests as non-root user, so usually we wouldn't have
CAP_NET_ADMIN permissions to change networking. Also, we wouldn't want
that our unit tests depend on the networking of the test host (or
changes it).
For each test, enter a new network namespace (and user/mnt namespace).
There we will have the necessary permissions, and we are in full control
of the things in the namespace.
Note yet used.
|
|
|
|
- we have "check-all.c" and "check-direct.c", which contains the
main functions of the actual tests.
On the other hand, the other "check-{addr,attr,ematch-tree-clone}.c"
files only contained the test suites for "check-all.c". Rename
the latter to have a separate name prefix.
- rename "tests/util.h" to "tests/cksuite-all.h". It's really the
header that declares all the suites.
- add a "tests/nl-test-util.c" as a static helper library with
test code.
|