Skip to content

Commit 963dbe8

Browse files
hreineckehreinecke
committed
fabrics: coverity fixes
Coverity reported a possible out-of-bounds access in inet6_pton and we never checked the return value of nvme_ctrl_identify() in nvme_fetch_cntrltype_dctype_from_id(), leading to a possible NULL pointer access in nvmf_is_registration_supported(). Signed-off-by: Hannes Reinecke <[email protected]>
1 parent c20c899 commit 963dbe8

1 file changed

Lines changed: 16 additions & 8 deletions

File tree

src/nvme/fabrics.c

Lines changed: 16 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -316,16 +316,19 @@ static int inet6_pton(nvme_root_t r, const char *src, uint16_t port,
316316
{
317317
int ret = -EINVAL;
318318
struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
319+
const char *scope = NULL;
320+
char *p;
319321

320322
if (strlen(src) > INET6_ADDRSTRLEN)
321323
return -EINVAL;
322324

323325
char *tmp = strdup(src);
324-
if (!tmp)
326+
if (!tmp) {
325327
nvme_msg(r, LOG_ERR, "cannot copy: %s\n", src);
328+
return -ENOMEM;
329+
}
326330

327-
const char *scope = NULL;
328-
char *p = strchr(tmp, '%');
331+
p = strchr(tmp, '%');
329332
if (p) {
330333
*p = '\0';
331334
scope = src + (p - tmp) + 1;
@@ -527,7 +530,8 @@ static int __nvmf_add_ctrl(nvme_root_t r, const char *argstr)
527530
goto out_close;
528531
}
529532

530-
len = read(fd, buf, sizeof(buf));
533+
memset(buf, 0x0, sizeof(buf));
534+
len = read(fd, buf, sizeof(buf) - 1);
531535
if (len < 0) {
532536
nvme_msg(r, LOG_ERR, "Failed to read from %s: %s\n",
533537
nvmf_dev, strerror(errno));
@@ -1262,12 +1266,14 @@ static const char *dctype_str[] = {
12621266
* sysfs. We must get them directly from the controller by performing an
12631267
* identify command.
12641268
*/
1265-
static void nvme_fetch_cntrltype_dctype_from_id(nvme_ctrl_t c)
1269+
static int nvme_fetch_cntrltype_dctype_from_id(nvme_ctrl_t c)
12661270
{
12671271
struct nvme_id_ctrl id = { 0 };
1272+
int ret;
12681273

1269-
if (nvme_ctrl_identify(c, &id))
1270-
return;
1274+
ret = nvme_ctrl_identify(c, &id);
1275+
if (ret)
1276+
return ret;
12711277

12721278
if (!c->cntrltype) {
12731279
if (id.cntrltype > NVME_CTRL_CNTRLTYPE_ADMIN || !cntrltype_str[id.cntrltype])
@@ -1282,12 +1288,14 @@ static void nvme_fetch_cntrltype_dctype_from_id(nvme_ctrl_t c)
12821288
else
12831289
c->dctype = strdup(dctype_str[id.dctype]);
12841290
}
1291+
return 0;
12851292
}
12861293

12871294
bool nvmf_is_registration_supported(nvme_ctrl_t c)
12881295
{
12891296
if (!c->cntrltype || !c->dctype)
1290-
nvme_fetch_cntrltype_dctype_from_id(c);
1297+
if (nvme_fetch_cntrltype_dctype_from_id(c))
1298+
return false;
12911299

12921300
return !strcmp(c->dctype, "ddc") || !strcmp(c->dctype, "cdc");
12931301
}

0 commit comments

Comments
 (0)