From: Bastien Nocera
To: linux-bluetooth@vger.kernel.org
Cc: Bastien Nocera
Subject: [BlueZ 1/9] rctest: Fix possible overrun
Date: Thu, 30 May 2024 16:57:55 +0200
Message-ID: <20240530150057.444585-2-hadess@hadess.net>
In-Reply-To: <20240530150057.444585-1-hadess@hadess.net>
References: <20240530150057.444585-1-hadess@hadess.net>

Error: OVERRUN (CWE-119): [#def57] [important]
bluez-5.76/tools/rctest.c:556:3: return_constant: Function call "read(fd, buf, data_size)" may return -1. [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.76/tools/rctest.c:556:3: assignment: Assigning: "len" = "read(fd, buf, data_size)". The value of "len" is now -1.
bluez-5.76/tools/rctest.c:557:3: overrun-buffer-arg: Calling "send" with "buf" and "len" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
555|   }
556|   len = read(fd, buf, data_size);
557|-> send(sk, buf, len, 0);
558|   close(fd);
559|   return;

--- tools/rctest.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/rctest.c b/tools/rctest.c index d31180880ef4..ff91eb2f159d 100644 --- a/tools/rctest.c +++ b/tools/rctest.c @@ -554,7 +554,8 @@ static void do_send(int sk) exit(1); } len = read(fd, buf, data_size); - send(sk, buf, len, 0); + if (len > 0) + send(sk, buf, len, 0); close(fd); return; } else { -- 2.45.1
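Review bot: a failed read() is now swallowed silently at the new "if (len > 0)" check in do_send(): when len is -1 the function closes fd and returns exactly as it would after a successful send, so the caller and the person running rctest cannot tell that nothing went out. The context just above the read() already ends an earlier failure path with "exit(1);", so the read error case could be handled the same way, with a message that reports errno, leaving len == 0 (nothing read) as the only case that skips send() quietly. The return value of send() is also still ignored in the guarded call, so a short or failed send goes unreported; checking it here would close the same class of finding for the next scan.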