From: James Jones Date: Mon, 12 Sep 2022 23:34:47 +0000 (-0500) Subject: Annotate false positive tainted_data (CID #1503893) (#4713) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e234f01324a07c54aa06081496946298e2c7993;p=thirdparty%2Ffreeradius-server.git Annotate false positive tainted_data (CID #1503893) (#4713) In fr_dhcv4_raw_packet_recv() (is there a reason for that spelling?), coverity claims the downcast of packet->data in the fr_dhcpv4_packet_get_option() call taints the contents of packet->data, but it's cast to, and the called function takes, a const-qualified pointer, so in what sense can it be tainted? --- diff --git a/src/protocols/dhcpv4/raw.c b/src/protocols/dhcpv4/raw.c index 02e29da9dab..78f4df87f4e 100644 --- a/src/protocols/dhcpv4/raw.c +++ b/src/protocols/dhcpv4/raw.c @@ -318,6 +318,7 @@ fr_radius_packet_t *fr_dhcv4_raw_packet_recv(int sockfd, struct sockaddr_ll *lin * and use that, too? */ memset(packet->vector, 0, sizeof(packet->vector)); + /* coverity[tainted_data] */ memcpy(packet->vector, packet->data + 28, packet->data[2]); packet->vector[packet->data[2]] = packet->code & 0xff;
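Review bot: The `/* coverity[tainted_data] */` annotation is applied to `memcpy(packet->vector, packet->data + 28, packet->data[2]);`, whose length is a byte taken from the received packet, and nothing in the visible context bounds `packet->data[2]` against `sizeof(packet->vector)`. The commit message argues from the const-qualified cast in the `fr_dhcpv4_packet_get_option()` call, which is a separate question from whether this length has been validated. If a check earlier in the function already limits `packet->data[2]`, name it in the annotation comment so the suppression carries its justification where it is applied. If there is no such check, add one before the `memcpy` instead of suppressing the finding; it would also cover the `packet->vector[packet->data[2]]` write on the following line, which uses the same value as an index.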