1
0
mirror of https://passt.top/passt synced 2024-12-22 13:45:32 +00:00

treewide: Argument cannot be negative, CWE-687

Actually harmless. Reported by Coverity.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio 2022-04-05 11:51:47 +02:00
parent bb76470090
commit eb3d3f367e
4 changed files with 30 additions and 22 deletions

25
pasta.c
View File

@ -120,33 +120,24 @@ static int pasta_setup_ns(void *arg)
{
struct pasta_setup_ns_arg *a = (struct pasta_setup_ns_arg *)arg;
char *shell;
int fd;
if (!a->c->netns_only) {
char buf[BUFSIZ];
snprintf(buf, BUFSIZ, "%i %i %i", 0, a->euid, 1);
fd = open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC);
if (write(fd, buf, strlen(buf)) < 0)
warn("Cannot set uid_map in namespace");
close(fd);
FWRITE("/proc/self/uid_map", buf,
"Cannot set uid_map in namespace");
fd = open("/proc/self/setgroups", O_WRONLY | O_CLOEXEC);
if (write(fd, "deny", sizeof("deny")) < 0)
warn("Cannot write to setgroups in namespace");
close(fd);
FWRITE("/proc/self/setgroups", "deny",
"Cannot write to setgroups in namespace");
fd = open("/proc/self/gid_map", O_WRONLY | O_CLOEXEC);
if (write(fd, buf, strlen(buf)) < 0)
warn("Cannot set gid_map in namespace");
close(fd);
FWRITE("/proc/self/gid_map", buf,
"Cannot set gid_map in namespace");
}
fd = open("/proc/sys/net/ipv4/ping_group_range", O_WRONLY | O_CLOEXEC);
if (write(fd, "0 0", strlen("0 0")) < 0)
warn("Cannot set ping_group_range, ICMP requests might fail");
close(fd);
FWRITE("/proc/sys/net/ipv4/ping_group_range", "0 0",
"Cannot set ping_group_range, ICMP requests might fail");
shell = getenv("SHELL") ? getenv("SHELL") : "/bin/sh";
if (strstr(shell, "/bash"))

10
qrap.c
View File

@ -234,16 +234,16 @@ int main(int argc, char **argv)
valid_args:
for (i = 1; i < UNIX_SOCK_MAX; i++) {
s = socket(AF_UNIX, SOCK_STREAM, 0);
if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)))
perror("setsockopt SO_RCVTIMEO");
if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)))
perror("setsockopt SO_SNDTIMEO");
if (s < 0) {
perror("socket");
exit(EXIT_FAILURE);
}
if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)))
perror("setsockopt SO_RCVTIMEO");
if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)))
perror("setsockopt SO_SNDTIMEO");
snprintf(addr.sun_path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
if (connect(s, (const struct sockaddr *)&addr, sizeof(addr)))
perror("connect");

5
tap.c
View File

@ -803,6 +803,11 @@ static void tap_sock_unix_init(struct ctx *c)
snprintf(path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
if (ex < 0) {
perror("UNIX domain socket check");
exit(EXIT_FAILURE);
}
ret = connect(ex, (const struct sockaddr *)&addr, sizeof(addr));
if (!ret || (errno != ENOENT && errno != ECONNREFUSED)) {
if (*c->sock_path) {

12
util.h
View File

@ -58,6 +58,18 @@ void trace_init(int enable);
#define TMPDIR "/tmp"
#endif
#define FWRITE(path, buf, str) \
do { \
int flags = O_WRONLY | O_CLOEXEC; \
int fd = open(path, flags); \
\
if (fd < 0 || \
write(fd, buf, strlen(buf)) != (int)strlen(buf)) \
warn(str); \
if (fd >= 0) \
close(fd); \
} while (0)
#define V4 0
#define V6 1
#define IP_VERSIONS 2