Avoid what coverity calls "downcasting" (CID #1542293) (#5170)
authorJames Jones <jejones3141@gmail.com>
Thu, 28 Sep 2023 16:30:16 +0000 (11:30 -0500)
committerGitHub <noreply@github.com>
Thu, 28 Sep 2023 16:30:16 +0000 (10:30 -0600)
packet->data is a uint8_t * formerly cast to dhcp_packet_t const *
to be passed to fr_dhcpv4_packet_get_option(). dhcp_packet_t is
more strictly aligned than uint8_t, so coverity considers this a
"tainted_data_downcast" and infers that the pointed-at data is
tainted.

To avoid the issue, the talloc_memdup() result is assigned first
to a dhcp_packet_t * to pass to fr_dhcpv4_packet_get_option(),
and cast to (uint8_t *) to assign to packet->data.

src/protocols/dhcpv4/raw.c

index 7b8cd7566371d540781b2770bfc92d6d0cbef2e4..0d44703741c7a8d51aee1fe56fd7e1eb1be39668 100644 (file)
@@ -171,6 +171,7 @@ fr_radius_packet_t *fr_dhcpv4_raw_packet_recv(int sockfd, struct sockaddr_ll *li
 {
        fr_pair_t               *vp;
        fr_radius_packet_t              *packet;
+       dhcp_packet_t           *dhcp_data;
        uint8_t const           *code;
        uint32_t                magic, xid;
        ssize_t                 data_len;
@@ -285,13 +286,22 @@ fr_radius_packet_t *fr_dhcpv4_raw_packet_recv(int sockfd, struct sockaddr_ll *li
        if (xid != (uint32_t)request->id) DISCARD_RP("DHCP transaction ID (0x%04x) != xid from request (0x%04x)",
                                                     xid, request->id)
 
-       /* all checks ok! this is a DHCP reply we're interested in. */
+       /*
+        *      all checks ok! this is a DHCP reply we're interested in.
+        *
+        *      dhcp_data is present to avoid what appears to coverity
+        *      to be a cast from a less aligned type to a more aligned
+        *      type in the fr_dhcpv4_packet_get_option() call, even though
+        *      talloc_memdup() returns a pointer aligned to TALLOC_ALIGN
+        *      bytes.
+        */
        packet->data_len = dhcp_data_len;
-       packet->data = talloc_memdup(packet, raw_packet + data_offset, dhcp_data_len);
+       dhcp_data = talloc_memdup(packet, raw_packet + data_offset, dhcp_data_len);
+       packet->data = (uint8_t *) dhcp_data;
        TALLOC_FREE(raw_packet);
        packet->id = xid;
 
-       code = fr_dhcpv4_packet_get_option((dhcp_packet_t const *) packet->data,
+       code = fr_dhcpv4_packet_get_option((dhcp_packet_t const *)dhcp_data,
                                           packet->data_len, attr_dhcp_message_type);
        if (!code) {
                fr_strerror_const("No message-type option was found in the packet");
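Review bot: The `talloc_memdup()` result stored in `dhcp_data` is passed to `fr_dhcpv4_packet_get_option()` without a NULL check, so an allocation failure would hand a NULL packet pointer to the option parser; whether that function tolerates NULL is not visible here. A guard directly after the allocation, such as `if (!dhcp_data) { fr_strerror_const("Out of memory"); ... }`, followed by the function's existing failure path (outside this hunk), would close that gap. The explicit `(dhcp_packet_t const *)` cast on the call is now redundant because `dhcp_data` is already a `dhcp_packet_t *`, so `fr_dhcpv4_packet_get_option(dhcp_data,` is enough. The new comment should also say that the change addresses only the alignment finding: the copied bytes are still received from the network, and the parser still depends on `packet->data_len` having been validated by the checks above this hunk. The body of `fr_dhcpv4_raw_packet_recv()` starts and ends outside the hunk.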