mirror of
https://passt.top/passt
synced 2024-12-22 13:45:32 +00:00
treewide: Argument cannot be negative, CWE-687
Actually harmless. Reported by Coverity. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
parent
bb76470090
commit
eb3d3f367e
25
pasta.c
25
pasta.c
@ -120,33 +120,24 @@ static int pasta_setup_ns(void *arg)
|
||||
{
|
||||
struct pasta_setup_ns_arg *a = (struct pasta_setup_ns_arg *)arg;
|
||||
char *shell;
|
||||
int fd;
|
||||
|
||||
if (!a->c->netns_only) {
|
||||
char buf[BUFSIZ];
|
||||
|
||||
snprintf(buf, BUFSIZ, "%i %i %i", 0, a->euid, 1);
|
||||
|
||||
fd = open("/proc/self/uid_map", O_WRONLY | O_CLOEXEC);
|
||||
if (write(fd, buf, strlen(buf)) < 0)
|
||||
warn("Cannot set uid_map in namespace");
|
||||
close(fd);
|
||||
FWRITE("/proc/self/uid_map", buf,
|
||||
"Cannot set uid_map in namespace");
|
||||
|
||||
fd = open("/proc/self/setgroups", O_WRONLY | O_CLOEXEC);
|
||||
if (write(fd, "deny", sizeof("deny")) < 0)
|
||||
warn("Cannot write to setgroups in namespace");
|
||||
close(fd);
|
||||
FWRITE("/proc/self/setgroups", "deny",
|
||||
"Cannot write to setgroups in namespace");
|
||||
|
||||
fd = open("/proc/self/gid_map", O_WRONLY | O_CLOEXEC);
|
||||
if (write(fd, buf, strlen(buf)) < 0)
|
||||
warn("Cannot set gid_map in namespace");
|
||||
close(fd);
|
||||
FWRITE("/proc/self/gid_map", buf,
|
||||
"Cannot set gid_map in namespace");
|
||||
}
|
||||
|
||||
fd = open("/proc/sys/net/ipv4/ping_group_range", O_WRONLY | O_CLOEXEC);
|
||||
if (write(fd, "0 0", strlen("0 0")) < 0)
|
||||
warn("Cannot set ping_group_range, ICMP requests might fail");
|
||||
close(fd);
|
||||
FWRITE("/proc/sys/net/ipv4/ping_group_range", "0 0",
|
||||
"Cannot set ping_group_range, ICMP requests might fail");
|
||||
|
||||
shell = getenv("SHELL") ? getenv("SHELL") : "/bin/sh";
|
||||
if (strstr(shell, "/bash"))
|
||||
|
10
qrap.c
10
qrap.c
@ -234,16 +234,16 @@ int main(int argc, char **argv)
|
||||
valid_args:
|
||||
for (i = 1; i < UNIX_SOCK_MAX; i++) {
|
||||
s = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)))
|
||||
perror("setsockopt SO_RCVTIMEO");
|
||||
if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)))
|
||||
perror("setsockopt SO_SNDTIMEO");
|
||||
|
||||
if (s < 0) {
|
||||
perror("socket");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)))
|
||||
perror("setsockopt SO_RCVTIMEO");
|
||||
if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)))
|
||||
perror("setsockopt SO_SNDTIMEO");
|
||||
|
||||
snprintf(addr.sun_path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
|
||||
if (connect(s, (const struct sockaddr *)&addr, sizeof(addr)))
|
||||
perror("connect");
|
||||
|
5
tap.c
5
tap.c
@ -803,6 +803,11 @@ static void tap_sock_unix_init(struct ctx *c)
|
||||
snprintf(path, UNIX_PATH_MAX, UNIX_SOCK_PATH, i);
|
||||
|
||||
ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
|
||||
if (ex < 0) {
|
||||
perror("UNIX domain socket check");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
ret = connect(ex, (const struct sockaddr *)&addr, sizeof(addr));
|
||||
if (!ret || (errno != ENOENT && errno != ECONNREFUSED)) {
|
||||
if (*c->sock_path) {
|
||||
|
12
util.h
12
util.h
@ -58,6 +58,18 @@ void trace_init(int enable);
|
||||
#define TMPDIR "/tmp"
|
||||
#endif
|
||||
|
||||
#define FWRITE(path, buf, str) \
|
||||
do { \
|
||||
int flags = O_WRONLY | O_CLOEXEC; \
|
||||
int fd = open(path, flags); \
|
||||
\
|
||||
if (fd < 0 || \
|
||||
write(fd, buf, strlen(buf)) != (int)strlen(buf)) \
|
||||
warn(str); \
|
||||
if (fd >= 0) \
|
||||
close(fd); \
|
||||
} while (0)
|
||||
|
||||
#define V4 0
|
||||
#define V6 1
|
||||
#define IP_VERSIONS 2
|
||||
|
Loading…
Reference in New Issue
Block a user