From dc7607f687400f45f878ec69b40746bdaa262266 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 1 Aug 2024 11:44:51 +0900 Subject: [PATCH 1/6] test: resolve "Unchecked return value" coverity warning Follow-up for 8c57700b6b61318594aaa757dff5e34219c0281d. Fixes CID#1558539. --- src/resolve/test-resolved-link.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/test-resolved-link.c b/src/resolve/test-resolved-link.c index b9f0bc0fc87..54de7f7ce20 100644 --- a/src/resolve/test-resolved-link.c +++ b/src/resolve/test-resolved-link.c @@ -161,7 +161,7 @@ static void link_alloc_env_setup(LinkAllocEnv *env, int family, DnsServerType se env->manager = (Manager) {}; env->ifindex = 1; - sd_event_new(&env->manager.event); + ASSERT_OK(sd_event_new(&env->manager.event)); ASSERT_NOT_NULL(env->manager.event); ASSERT_OK(link_new(&env->manager, &env->link, env->ifindex)); From 96bf7e1f3b13845267e16577f0fb2536d0f46669 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 1 Aug 2024 11:47:33 +0900 Subject: [PATCH 2/6] test: resolve "Unchecked return value" coverity warning Follow-up for 5fef5552a658130f00dc97d0a1003a6a49f3ca96. Fixes CID#1558540. --- src/resolve/test-dns-search-domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/test-dns-search-domain.c b/src/resolve/test-dns-search-domain.c index 45adb9129cb..e73e4d99865 100644 --- a/src/resolve/test-dns-search-domain.c +++ b/src/resolve/test-dns-search-domain.c @@ -120,7 +120,7 @@ TEST(dns_search_domain_unlink_link) { _cleanup_(dns_search_domain_unrefp) DnsSearchDomain *sd1 = NULL, *sd3 = NULL; DnsSearchDomain *sd2 = NULL; - link_new(&manager, &link, 1); + ASSERT_OK(link_new(&manager, &link, 1)); ASSERT_NOT_NULL(link); dns_search_domain_new(&manager, &sd1, DNS_SEARCH_DOMAIN_LINK, link, "local"); From a30ac8d52cba121c3e28dcc2a01767f639bff665 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 1 Aug 2024 11:50:53 +0900 Subject: [PATCH 3/6] vmspawn: check overflow earlier Follow-up for 862c68a914ab4561d83875e58e05dcf65cb4a551. Fixes CID#1550749. --- src/vmspawn/vmspawn.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c index 8fad195abcd..030efbdb23f 100644 --- a/src/vmspawn/vmspawn.c +++ b/src/vmspawn/vmspawn.c @@ -626,10 +626,10 @@ static int read_vsock_notify(NotifyConnectionData *d, int fd) { if (n == 0) /* We hit EOF! Let's parse this */ break; - d->full += n; - - if (d->full >= sizeof(d->buffer)) + if ((size_t) n >= sizeof(d->buffer) - d->full) return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Received notify message exceeded maximum size."); + + d->full += n; } /* We reached EOF, now parse the thing */ From 6141fe925a88f88330b52f55f85fc7b20b4d227c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 1 Aug 2024 11:57:43 +0900 Subject: [PATCH 4/6] test: resolve "Unchecked return value" coverity warning Follow-up for c8210d98a4b64af6fadb1cb765c0451758af1303. Fixes CID#1548920. --- src/test/test-terminal-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test-terminal-util.c b/src/test/test-terminal-util.c index 68b9cbe6062..f1e04ae6320 100644 --- a/src/test/test-terminal-util.c +++ b/src/test/test-terminal-util.c @@ -279,7 +279,7 @@ TEST(get_color_mode) { test_get_color_mode_with_env("COLORTERM", "24bit", terminal_is_dumb() ? COLOR_OFF : COLOR_24BIT); test_get_color_mode_with_env("COLORTERM", "invalid", terminal_is_dumb() ? COLOR_OFF : COLOR_256); test_get_color_mode_with_env("COLORTERM", "42", terminal_is_dumb() ? COLOR_OFF : COLOR_256); - unsetenv("COLORTERM"); + ASSERT_OK_ERRNO(unsetenv("COLORTERM")); reset_terminal_feature_caches(); } From fea2f92d8d8eb367547314f7dba9476d4cfe3899 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 1 Aug 2024 15:58:30 +0900 Subject: [PATCH 5/6] test: use ASSERT_OK_ERRNO() for setenv() and unsetenv() --- src/test/test-calendarspec.c | 2 +- src/test/test-cgroup-setup.c | 30 +++++++++++++++--------------- src/test/test-os-util.c | 12 ++++++------ src/test/test-terminal-util.c | 8 ++++---- 4 files changed, 26 insertions(+), 26 deletions(-) diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c index 7cda114de6b..f13d982e10c 100644 --- a/src/test/test-calendarspec.c +++ b/src/test/test-calendarspec.c @@ -256,7 +256,7 @@ TEST(calendar_spec_from_string) { static int intro(void) { /* Tests have hard-coded results that do not expect a specific timezone to be set by the caller */ - ASSERT_OK(unsetenv("TZ")); + ASSERT_OK_ERRNO(unsetenv("TZ")); return EXIT_SUCCESS; } diff --git a/src/test/test-cgroup-setup.c b/src/test/test-cgroup-setup.c index 8b5d02d5b79..af5712060bf 100644 --- a/src/test/test-cgroup-setup.c +++ b/src/test/test-cgroup-setup.c @@ -31,33 +31,33 @@ TEST(is_wanted_print) { } TEST(is_wanted) { - ASSERT_OK(setenv("SYSTEMD_PROC_CMDLINE", - "systemd.unified_cgroup_hierarchy", 1)); + ASSERT_OK_ERRNO(setenv("SYSTEMD_PROC_CMDLINE", + "systemd.unified_cgroup_hierarchy", 1)); test_is_wanted_print_one(false); - ASSERT_OK(setenv("SYSTEMD_PROC_CMDLINE", - "systemd.unified_cgroup_hierarchy=0", 1)); + ASSERT_OK_ERRNO(setenv("SYSTEMD_PROC_CMDLINE", + "systemd.unified_cgroup_hierarchy=0", 1)); test_is_wanted_print_one(false); - ASSERT_OK(setenv("SYSTEMD_PROC_CMDLINE", - "systemd.unified_cgroup_hierarchy=0 " - "systemd.legacy_systemd_cgroup_controller", 1)); + ASSERT_OK_ERRNO(setenv("SYSTEMD_PROC_CMDLINE", + "systemd.unified_cgroup_hierarchy=0 " + "systemd.legacy_systemd_cgroup_controller", 1)); test_is_wanted_print_one(false); - ASSERT_OK(setenv("SYSTEMD_PROC_CMDLINE", - "systemd.unified_cgroup_hierarchy=0 " - "systemd.legacy_systemd_cgroup_controller=0", 1)); + ASSERT_OK_ERRNO(setenv("SYSTEMD_PROC_CMDLINE", + "systemd.unified_cgroup_hierarchy=0 " + "systemd.legacy_systemd_cgroup_controller=0", 1)); test_is_wanted_print_one(false); /* cgroup_no_v1=all implies unified cgroup hierarchy, unless otherwise * explicitly specified. */ - ASSERT_OK(setenv("SYSTEMD_PROC_CMDLINE", - "cgroup_no_v1=all", 1)); + ASSERT_OK_ERRNO(setenv("SYSTEMD_PROC_CMDLINE", + "cgroup_no_v1=all", 1)); test_is_wanted_print_one(false); - ASSERT_OK(setenv("SYSTEMD_PROC_CMDLINE", - "cgroup_no_v1=all " - "systemd.unified_cgroup_hierarchy=0", 1)); + ASSERT_OK_ERRNO(setenv("SYSTEMD_PROC_CMDLINE", + "cgroup_no_v1=all " + "systemd.unified_cgroup_hierarchy=0", 1)); test_is_wanted_print_one(false); } diff --git a/src/test/test-os-util.c b/src/test/test-os-util.c index 55475a56ae9..74802a23b38 100644 --- a/src/test/test-os-util.c +++ b/src/test/test-os-util.c @@ -27,7 +27,7 @@ TEST(parse_os_release) { log_info("ID: %s", id); } - ASSERT_EQ(setenv("SYSTEMD_OS_RELEASE", "/dev/null", 1), 0); + ASSERT_OK_ERRNO(setenv("SYSTEMD_OS_RELEASE", "/dev/null", 1)); ASSERT_EQ(parse_os_release(NULL, "ID", &id2), 0); log_info("ID: %s", strnull(id2)); @@ -36,7 +36,7 @@ TEST(parse_os_release) { "ID=the-id \n" "NAME=the-name"), 0); - ASSERT_EQ(setenv("SYSTEMD_OS_RELEASE", tmpfile, 1), 0); + ASSERT_OK_ERRNO(setenv("SYSTEMD_OS_RELEASE", tmpfile, 1)); ASSERT_EQ(parse_os_release(NULL, "ID", &id, "NAME", &name), 0); log_info("ID: %s NAME: %s", id, name); ASSERT_STREQ(id, "the-id"); @@ -48,7 +48,7 @@ TEST(parse_os_release) { "ID=\"the-id\" \n" "NAME='the-name'"), 0); - ASSERT_EQ(setenv("SYSTEMD_OS_RELEASE", tmpfile2, 1), 0); + ASSERT_OK_ERRNO(setenv("SYSTEMD_OS_RELEASE", tmpfile2, 1)); ASSERT_EQ(parse_os_release(NULL, "ID", &id, "NAME", &name), 0); log_info("ID: %s NAME: %s", id, name); ASSERT_STREQ(id, "the-id"); @@ -58,7 +58,7 @@ TEST(parse_os_release) { log_info("FOOBAR: %s", strnull(foobar)); ASSERT_NULL(foobar); - assert_se(unsetenv("SYSTEMD_OS_RELEASE") == 0); + ASSERT_OK_ERRNO(unsetenv("SYSTEMD_OS_RELEASE")); } TEST(parse_extension_release) { @@ -111,14 +111,14 @@ TEST(load_os_release_pairs) { "ID=\"the-id\" \n" "NAME='the-name'"), 0); - ASSERT_EQ(setenv("SYSTEMD_OS_RELEASE", tmpfile, 1), 0); + ASSERT_OK_ERRNO(setenv("SYSTEMD_OS_RELEASE", tmpfile, 1)); _cleanup_strv_free_ char **pairs = NULL; ASSERT_EQ(load_os_release_pairs(NULL, &pairs), 0); assert_se(strv_equal(pairs, STRV_MAKE("ID", "the-id", "NAME", "the-name"))); - ASSERT_EQ(unsetenv("SYSTEMD_OS_RELEASE"), 0); + ASSERT_OK_ERRNO(unsetenv("SYSTEMD_OS_RELEASE")); } TEST(os_release_support_ended) { diff --git a/src/test/test-terminal-util.c b/src/test/test-terminal-util.c index f1e04ae6320..9e87c4d195f 100644 --- a/src/test/test-terminal-util.c +++ b/src/test/test-terminal-util.c @@ -251,7 +251,7 @@ TEST(terminal_is_pty_fd) { } static void test_get_color_mode_with_env(const char *key, const char *val, ColorMode expected) { - ASSERT_OK(setenv(key, val, true)); + ASSERT_OK_ERRNO(setenv(key, val, true)); reset_terminal_feature_caches(); log_info("get_color_mode($%s=%s): %s", key, val, color_mode_to_string(get_color_mode())); ASSERT_EQ(get_color_mode(), expected); @@ -269,11 +269,11 @@ TEST(get_color_mode) { test_get_color_mode_with_env("SYSTEMD_COLORS", "yes", COLOR_24BIT); test_get_color_mode_with_env("SYSTEMD_COLORS", "24bit", COLOR_24BIT); - ASSERT_OK(setenv("NO_COLOR", "1", true)); + ASSERT_OK_ERRNO(setenv("NO_COLOR", "1", true)); test_get_color_mode_with_env("SYSTEMD_COLORS", "42", COLOR_OFF); test_get_color_mode_with_env("SYSTEMD_COLORS", "invalid", COLOR_OFF); - ASSERT_OK(unsetenv("NO_COLOR")); - ASSERT_OK(unsetenv("SYSTEMD_COLORS")); + ASSERT_OK_ERRNO(unsetenv("NO_COLOR")); + ASSERT_OK_ERRNO(unsetenv("SYSTEMD_COLORS")); test_get_color_mode_with_env("COLORTERM", "truecolor", terminal_is_dumb() ? COLOR_OFF : COLOR_24BIT); test_get_color_mode_with_env("COLORTERM", "24bit", terminal_is_dumb() ? COLOR_OFF : COLOR_24BIT); From f7012a93a7f04fa29c7933a4963aa17fcf120e97 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 1 Aug 2024 12:03:54 +0900 Subject: [PATCH 6/6] import: check overflow Fixes CID#1548022 and CID#1548075. --- src/import/import-raw.c | 5 +++++ src/import/import-tar.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/src/import/import-raw.c b/src/import/import-raw.c index ee9b297bfeb..78775b96d67 100644 --- a/src/import/import-raw.c +++ b/src/import/import-raw.c @@ -409,6 +409,11 @@ static int raw_import_process(RawImport *i) { goto finish; } + if ((size_t) l > sizeof(i->buffer) - i->buffer_size) { + r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size."); + goto finish; + } + i->buffer_size += l; if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) { diff --git a/src/import/import-tar.c b/src/import/import-tar.c index 39df11b5ff6..976c9182461 100644 --- a/src/import/import-tar.c +++ b/src/import/import-tar.c @@ -276,6 +276,11 @@ static int tar_import_process(TarImport *i) { goto finish; } + if ((size_t) l > sizeof(i->buffer) - i->buffer_size) { + r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size."); + goto finish; + } + i->buffer_size += l; if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {