Opened 4 years ago

Last modified 2 years ago

#3440 new defect

Argument in cannot be negative ( src/lib/util/io/fd_share.c, valgrind)

Reported by: stephen Owned by:
Priority: very low Milestone: Outstanding Tasks
Component: Unclassified Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

This is a possible issue picked up by Coverity (CID: 1202660) in the function "recv_fd" in src/lib/util/io/fd_share.c. The relevant section of code is:

103    const struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msghdr);
   
3. var_tested_neg: Assigning: fd = a negative value.
104    int fd = FD_OTHER_ERROR;
   
4. Condition cmsg != NULL, taking true branch
   
5. Condition cmsg->cmsg_len == isc::util::io::<unnamed>::cmsg_len(4U /* sizeof (int) */), taking true branch
   
6. Condition cmsg->cmsg_level == 1, taking true branch
   
7. Condition cmsg->cmsg_type == SCM_RIGHTS, taking false branch
105    if (cmsg != NULL && cmsg->cmsg_len == cmsg_len(sizeof(int)) &&
106        cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
107        std::memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
108    }
109    free(msghdr.msg_control);
110    // It is strange, but the call can return the same file descriptor as
111    // one returned previously, even if that one is not closed yet. So,
112    // we just re-number every one we get, so they are unique.
   
CID 1202660 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
8. negative_returns: fd is passed to a parameter that cannot be negative.
113    int new_fd(dup(fd));

"fd" is set negative to start with. If the "if" test is false, a negative value is used in subsequent file descriptor manipulation.
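
One way to close the path Coverity flags, as an added example that is not Kea's code and not part of the original ticket: check fd after the SCM_RIGHTS test and return before dup() when no descriptor was received. The names recv_fd_checked and send_byte are hypothetical, the value of FD_OTHER_ERROR is assumed, and the standard CMSG_LEN macro stands in for the file's own cmsg_len() helper.

```cpp
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
#include <cstring>
// Assumed value for this sketch; the page only shows that it is negative.
const int FD_OTHER_ERROR = -1;

// Test helper: send one byte on sock, with fd attached as SCM_RIGHTS if fd >= 0.
int send_byte(int sock, int fd) {
    char byte = 0;
    iovec iov = { &byte, 1 };
    alignas(cmsghdr) char ctl[CMSG_SPACE(sizeof(int))] = {};
    msghdr msg = {};
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    if (fd >= 0) {
        msg.msg_control = ctl;
        msg.msg_controllen = sizeof(ctl);
        cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
        cmsg->cmsg_level = SOL_SOCKET;
        cmsg->cmsg_type = SCM_RIGHTS;
        std::memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
    }
    return (sendmsg(sock, &msg, 0) == 1 ? 0 : -1);
}

// Receive a descriptor; a negative fd never reaches dup().
int recv_fd_checked(int sock) {
    char byte;
    iovec iov = { &byte, 1 };
    alignas(cmsghdr) char ctl[CMSG_SPACE(sizeof(int))] = {};
    msghdr msg = {};
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctl;
    msg.msg_controllen = sizeof(ctl);
    if (recvmsg(sock, &msg, 0) <= 0) return (FD_OTHER_ERROR);
    int fd = FD_OTHER_ERROR;
    const cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
    if (cmsg != NULL && cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
        cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
        std::memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
    }
    if (fd < 0) return (FD_OTHER_ERROR);  // no SCM_RIGHTS payload: skip dup()
    int new_fd = dup(fd);                 // re-number, as the original does
    close(fd);                            // received copy no longer needed
    return (new_fd < 0 ? FD_OTHER_ERROR : new_fd);
}
```

Sending a plain byte with no ancillary data exercises the branch from the Coverity trace: the function returns FD_OTHER_ERROR without calling dup().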

Change History (5)

comment:1 Changed 4 years ago by tomek

  • Milestone changed from Kea-proposed to Kea1.0

comment:2 Changed 3 years ago by tomek

  • Summary changed from Argument cannot be negative to Argument in cannot be negative ( src/lib/util/io/fd_share.c, valgrind)
  • Version set to git

comment:3 Changed 2 years ago by marcin

  • Priority changed from low to very low

Move to "very-low" priority as per ticket scrub on 07/31/2015.

comment:4 Changed 2 years ago by hschempf

  • Milestone changed from Kea1.0 to DHCP Outstanding Tasks

Team decision to move to outstanding

comment:5 Changed 2 years ago by tomek

  • Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks

Milestone renamed
