nwfilter: address coverity findings

This patch addresses the following coverity findings:

/libvirt/src/conf/nwfilter_params.c:157:
deref_parm: Directly dereferencing parameter "val".

/libvirt/src/conf/nwfilter_params.c:473:
negative_returns: Using variable "iterIndex" as an index to array "res->iter".

/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891:
unchecked_value: No check of the return value of "virAsprintf(&protostr, "-d 01:80:c2:00:00:00 ")".

/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2894:
unchecked_value: No check of the return value of "virAsprintf(&protostr, "-p 0x%04x ", l3_protocols[protoidx].attr)".

/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3590:
var_deref_op: Dereferencing null variable "inst".

diff --git a/src/conf/nwfilter_params.c b/src/conf/nwfilter_params.c
index 3ad4bed9956cd33499b63279ea342c224861e3f6..bf3f1c10d146c9e8fbd756fa06a857f4bd1617ae 100644 (file)
--- a/src/conf/nwfilter_params.c
+++ b/src/conf/nwfilter_params.c
@@ -154,6 +154,9 @@ virNWFilterVarValueGetNthValue(virNWFilterVarValuePtr val, unsigned int idx)
 {
     const char *res = NULL;
 
+    if (!val)
+        return NULL;
+
     switch (val->valType) {
     case NWFILTER_VALUE_TYPE_SIMPLE:
         if (idx == 0)
@@ -467,7 +470,7 @@ virNWFilterVarCombIterCreate(virNWFilterHashTablePtr hash,
             res->nIter++;
             break;
         case VIR_NWFILTER_VAR_ACCESS_LAST:
-            break;
+            goto err_exit;
         }
 
         if (virNWFilterVarCombIterAddVariable(&res->iter[iterIndex],

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 8e4436f154f1577a75818cd322262699804134a4..28f48bd54c6e2426fcfaa24d2577d09b7dee8bd9 100644 (file)
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -2888,10 +2888,11 @@ ebtablesCreateTmpSubChain(ebiptablesRuleInstPtr *inst,
         protostr = strdup("");
         break;
     case L2_PROTO_STP_IDX:
-        virAsprintf(&protostr, "-d " NWFILTER_MAC_BGA " ");
+        ignore_value(virAsprintf(&protostr, "-d " NWFILTER_MAC_BGA " "));
         break;
     default:
-        virAsprintf(&protostr, "-p 0x%04x ", l3_protocols[protoidx].attr);
+        ignore_value(virAsprintf(&protostr, "-p 0x%04x ",
+                     l3_protocols[protoidx].attr));
         break;
     }
 
@@ -3589,6 +3590,9 @@ ebiptablesApplyNewRules(const char *ifname,
     int nEbtChains = 0;
     char *errmsg = NULL;
 
+    if (inst == NULL)
+        nruleInstances = 0;
+
     if (!chains_in_set || !chains_out_set) {
         virReportOOMError();
         goto exit_free_sets;