From: James Jones Date: Fri, 25 Aug 2023 15:43:24 +0000 (-0500) Subject: Attempt to keep fr_nbo_to_foo() from tainting the pointer (#5156) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6bcdb8a7200cab4d185a9e73a823944983c15a8f;p=thirdparty%2Ffreeradius-server.git Attempt to keep fr_nbo_to_foo() from tainting the pointer (#5156) Related CIDs: #12433443, #1448182, #1520415, #1503937, #1503914 Coverity claims the fr_nbo_to_foo() functions taint the pointer passed to it. Thereafter, any data accessed via that pointer is considered tainted, and any copy of the pointer has the same issue. Something like this (copying the passed pointer to a local--with any optimization, register coalescence will mean this has zero overhead, BTW--is the only thing that comes to mind to work around the issue. --- diff --git a/src/lib/util/nbo.h b/src/lib/util/nbo.h index 83de015e74b..90e66b40084 100644 --- a/src/lib/util/nbo.h +++ b/src/lib/util/nbo.h @@ -128,6 +128,14 @@ static inline size_t fr_nbo_from_uint64v(uint8_t out[static sizeof(uint64_t)], u return ret; } + +/* + * The seemingly needless d pointer in fr_nbo_to_uint{16,32}() + * tries to keep coverity from considering data tainted, which in + * turn makes it think anything accessed via that pointer in the + * caller tainted as well. + */ + /** Read an unsigned 16bit integer from wire format (big endian) * * @param[in] data To convert to a 16bit unsigned integer of native endianness. @@ -135,7 +143,8 @@ static inline size_t fr_nbo_from_uint64v(uint8_t out[static sizeof(uint64_t)], u */ static inline uint16_t fr_nbo_to_uint16(uint8_t const data[static sizeof(uint16_t)]) { - return (((uint16_t)data[0]) << 8) | data[1]; + uint8_t const *d = data; + return (((uint16_t)d[0]) << 8) | d[1]; } /** Read an unsigned 24bit integer from wire format (big endian) @@ -145,7 +154,8 @@ static inline uint16_t fr_nbo_to_uint16(uint8_t const data[static sizeof(uint16_ */ static inline uint32_t fr_nbo_to_uint24(uint8_t const data[static 3]) { - return (((uint32_t)data[0]) << 16) | (((uint32_t)data[1]) << 8) | data[2]; + uint8_t const *d = data; + return (((uint32_t)d[0]) << 16) | (((uint32_t)d[1]) << 8) | d[2]; } /** Read an unsigned 32bit integer from wire format (big endian)