Use udp_len in UDP length checks
authorJames Jones <jejones3141@gmail.com>
Fri, 2 Jun 2023 13:45:24 +0000 (08:45 -0500)
committerAlan DeKok <aland@freeradius.org>
Wed, 7 Jun 2023 07:16:12 +0000 (03:16 -0400)
Coverity appears to be faked out by the use of diff to
validate udp_len, and hence complains about tainted data.

src/bin/radsniff.c

index 064719f21d6522e3c115da82279d2aebd00d25c8..ec83e4c6f9e639e95ec8eb6253146fa4c998e747 100644 (file)
@@ -1342,14 +1342,14 @@ static void rs_packet_process(uint64_t count, rs_event_t *event, struct pcap_pkt
        udp = (udp_header_t const *)p;
        {
                uint16_t udp_len;
-               ssize_t diff;
+               ssize_t actual_len;
 
                udp_len = ntohs(udp->len);
-               diff = udp_len - (header->caplen - (p - data));
+               actual_len = header->caplen - (p - data);
                /* Truncated data */
-               if (diff > 0) {
+               if (udp_len > actual_len) {
                        REDEBUG("Packet too small by %zi bytes, UDP header + Payload should be %hu bytes",
-                               diff, udp_len);
+                               udp_len - actual_len, udp_len);
                        return;
                }
 
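Review bot: udp_len is bounded only from above here: `if (udp_len > actual_len)` rejects a length field larger than the captured bytes, but a value smaller than the UDP header itself still passes, and the second hunk then hands it to `fr_udp_checksum()` with the `coverity[tainted_data]` annotation removed. Unless a minimum is already enforced outside the visible lines, a guard such as `if (udp_len < sizeof(udp_header_t)) { REDEBUG("UDP length field %hu is smaller than the UDP header", udp_len); return; }` next to the truncation check would give the checksum call a two-sided bound. How `fr_udp_checksum()` treats a short length is not visible from this page, and `rs_packet_process` starts and ends outside the hunk.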
@@ -1362,16 +1362,15 @@ static void rs_packet_process(uint64_t count, rs_event_t *event, struct pcap_pkt
                 *      Leaving the code here in case it's ever needed for
                 *      debugging.
                 */
-               else if (diff < 0) {
+               else if (udp_len < actual_len) {
                        REDEBUG("Packet too big by %zi bytes, UDP header + Payload should be %hu bytes",
-                               diff * -1, udp_len);
+                               actual_len - udp_len, udp_len);
                        return;
                }
 #endif
                if ((version == 4) && conf->verify_udp_checksum) {
                        uint16_t expected;
 
-                       /* coverity[tainted_data] */
                        expected = fr_udp_checksum((uint8_t const *) udp, udp_len, udp->checksum,
                                                   ip->ip_src, ip->ip_dst);
                        if (udp->checksum != expected) {
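Review bot: The `else if (udp_len < actual_len)` branch edited here ends at an `#endif` whose opening directive is outside the hunk, and the comment above it says the code is kept only for debugging. It is therefore presumably compiled out, so neither the compiler nor Coverity checks the renamed expression or the `%zi` argument `actual_len - udp_len`. Building once with that region enabled would confirm the rename is complete. At the `fr_udp_checksum()` call, a short comment in place of the removed annotation, for example `/* udp_len <= actual_len was checked above */`, would record why the length is now trusted.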