welterde/l2tpns
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'coverity' into 'master'

Browse source 
coverity misc fixes

See merge request l2tpns/l2tpns!18
This commit is contained in:
sthibaul 2022-11-05 22:27:07 +00:00
commit 19ee48869f
4 changed files with 16 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

2
arp.c
View file

@ -55,7 +55,7 @@ void sendarp(int ifr_idx, const unsigned char* mac, in_addr_t ip)
memset(&sll, 0, sizeof(sll)); memset(&sll, 0, sizeof(sll));
sll.sll_family = AF_PACKET; sll.sll_family = AF_PACKET;
memcpy(sll.sll_addr, mac, sizeof(sll.sll_addr) - 1); memcpy(sll.sll_addr, mac, ETH_ALEN);
sll.sll_halen = ETH_ALEN; sll.sll_halen = ETH_ALEN;
sll.sll_ifindex = ifr_idx; sll.sll_ifindex = ifr_idx;

2
bgp.c
View file

@ -1028,7 +1028,7 @@ static int bgp_write(struct bgp_peer *peer)
int len = htons(peer->outbuf->packet.header.len); int len = htons(peer->outbuf->packet.header.len);
int r; int r;
while ((r = write(peer->sock, &peer->outbuf->packet + peer->outbuf->done, while ((r = write(peer->sock, (char*)&peer->outbuf->packet + peer->outbuf->done,
len - peer->outbuf->done)) == -1) len - peer->outbuf->done)) == -1)
{ {
if (errno == EINTR) if (errno == EINTR)

8
l2tpns.c
View file

@ -2705,6 +2705,8 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexu
{ {
LOG(1, s, t, "Invalid length in AVP\n"); LOG(1, s, t, "Invalid length in AVP\n");
STAT(tunnel_rx_errors); STAT(tunnel_rx_errors);
free(sendchalresponse);
free(recvchalresponse);
return; return;
} }
p += n; // next p += n; // next
@ -3250,6 +3252,8 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexu
controladd(c, asession, t); // send the message controladd(c, asession, t); // send the message
} }
free(sendchalresponse);
free(recvchalresponse);
return; return;
case 11: // ICRP case 11: // ICRP
LOG(3, s, t, "Received ICRP\n"); LOG(3, s, t, "Received ICRP\n");
@ -3304,8 +3308,8 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr, uint16_t indexu
LOG(1, s, t, "Unknown message type %u\n", message); LOG(1, s, t, "Unknown message type %u\n", message);
break; break;
} }
if (sendchalresponse) free(sendchalresponse); free(sendchalresponse);
if (recvchalresponse) free(recvchalresponse); free(recvchalresponse);
cluster_send_tunnel(t); cluster_send_tunnel(t);
} }
else else

15
pppoe.c
View file

@ -343,7 +343,7 @@ static void pppoe_disc_send(const uint8_t *pack)
void pppoe_sess_send(const uint8_t *pack, uint16_t l, tunnelidt t) void pppoe_sess_send(const uint8_t *pack, uint16_t l, tunnelidt t)
{ {
struct pppoe_hdr *hdr = (struct pppoe_hdr *)(pack + ETH_HLEN); struct pppoe_hdr *hdr;
int n; int n;
uint16_t sizeppp; uint16_t sizeppp;
sessionidt s; sessionidt s;
@ -354,6 +354,13 @@ void pppoe_sess_send(const uint8_t *pack, uint16_t l, tunnelidt t)
return; return;
} }
if (l < (ETH_HLEN + sizeof(*hdr) + 3))
{
LOG(3, 0, t, "ERROR pppoe_sess_send: packet too small for pppoe sent (size=%d)\n", l);
return;
}
hdr = (struct pppoe_hdr *)(pack + ETH_HLEN);
s = ntohs(hdr->sid); s = ntohs(hdr->sid);
if (session[s].tunnel != t) if (session[s].tunnel != t)
{ {
@ -361,12 +368,6 @@ void pppoe_sess_send(const uint8_t *pack, uint16_t l, tunnelidt t)
return; return;
} }
if (l < (ETH_HLEN + sizeof(*hdr) + 3))
{
LOG(0, s, t, "ERROR pppoe_sess_send: packet too small for pppoe sent (size=%d)\n", l);
return;
}
// recalculate the ppp frame length // recalculate the ppp frame length
sizeppp = l - (ETH_HLEN + sizeof(*hdr)); sizeppp = l - (ETH_HLEN + sizeof(*hdr));
hdr->length = htons(sizeppp); hdr->length = htons(sizeppp);