From ce2ecc96433272f41ad8b50d799e510d201c9fe8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Wed, 2 Feb 2022 14:37:37 +0100
Subject: [PATCH] MINOR: quic: Potential overflow expression in qc_parse_frm()

This should fix Coverity CID 375056 where an unsigned char was used to store a 32bit mask.
---
 src/quic_frame.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/quic_frame.c b/src/quic_frame.c
index cd607ac3ae..721b5e02df 100644
--- a/src/quic_frame.c
+++ b/src/quic_frame.c
@@ -1000,8 +1000,8 @@ static int quic_parse_handshake_done_frame(struct quic_frame *frm, struct quic_c
 struct quic_frame_builder {
 int (*func)(unsigned char **buf, const unsigned char *end, struct quic_frame *frm, struct quic_conn *conn);
+ uint32_t mask;
 unsigned char flags;
- unsigned char mask;
 };
 
 const struct quic_frame_builder quic_frame_builders[] = {
@@ -1041,8 +1041,8 @@ const struct quic_frame_builder quic_frame_builders[] = {
 struct quic_frame_parser {
 int (*func)(struct quic_frame *frm, struct quic_conn *qc, const unsigned char **buf, const unsigned char *end);
+ uint32_t mask;
 unsigned char flags;
- unsigned char mask;
 };
 
 const struct quic_frame_parser quic_frame_parsers[] = {
@@ -1100,7 +1100,7 @@ int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
 }
 
 parser = &quic_frame_parsers[frm->type];
- if (!(parser->mask & (1 << pkt->type))) {
+ if (!(parser->mask & (1U << pkt->type))) {
 TRACE_DEVEL("unauthorized frame", QUIC_EV_CONN_PRSFRM, qc, frm);
 return 0;
 }
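Review bot: The widened `mask` member of `struct quic_frame_builder` carries no comment saying what its bits mean, and the same holds for `struct quic_frame_parser` in the following hunk. The later hunks test it with `1U << pkt->type`, so each bit position stands for one packet type in which the frame is permitted; I would state that on the field, e.g. `uint32_t mask; /* bit n set: frame allowed in packets of type n (n < 32) */`. Writing the 32-bit limit down also tells whoever adds a packet type that the shift count has to stay below the field width. Both struct definitions lie fully inside their hunks, but the initialiser tables that fill `mask` are outside them.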
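Review bot: The shift count in `1U << pkt->type` is still unbounded at this point in qc_parse_frm(): the unsigned literal removes the signed-overflow case, but a `pkt->type` at or above the width of the mask would remain undefined behaviour, and this test is what decides whether a received frame is accepted for its packet type. Whether the range of `pkt->type` is already guaranteed where the packet header is decoded cannot be seen from this hunk. If it is not, the bound belongs in the same condition, e.g. `if (pkt->type >= 8 * sizeof(parser->mask) || !(parser->mask & (1U << pkt->type))) {`; if it is, a one-line comment naming where the range is enforced would be enough. The function body starts and ends outside the hunk.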
@@ -1126,10 +1126,10 @@ int qc_build_frm(unsigned char **buf, const unsigned char *end,
 const struct quic_frame_builder *builder;
 
 builder = &quic_frame_builders[frm->type];
- if (!(builder->mask & (1 << pkt->type))) {
+ if (!(builder->mask & (1U << pkt->type))) {
 /* XXX This it a bug to send an unauthorized frame with such a packet type XXX */
 TRACE_DEVEL("frame skipped", QUIC_EV_CONN_BFRM, qc, frm);
- BUG_ON(!(builder->mask & (1 << pkt->type)));
+ BUG_ON(!(builder->mask & (1U << pkt->type)));
 }
 
 if (end <= *buf) {
-- 
2.47.3
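Review bot: The unauthorized-frame branch in qc_build_frm() has no exit of its own: after the trace it relies solely on `BUG_ON(...)`, which repeats the condition the enclosing `if` has just established, and control then falls through to `if (end <= *buf)`. The definition of BUG_ON is not on this page; if it can expand to nothing in some build configurations, a frame that the mask forbids for this packet type would still be built even though the trace says "frame skipped". I would add an explicit failure path after the assertion, e.g. `return 0;`, assuming 0 is the failure value here as it is in qc_parse_frm(). The comment above the trace should also read `This is a bug` rather than `This it a bug`. The function body starts and ends outside the hunk.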