Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp1357304lqb;
        Thu, 30 May 2024 08:01:30 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUGe/mBZcHZbV9bblFXWACMuTs0Cv0/fXbop4cwGyUI4DFgM683DQoFLDV2EP8u5ZKZritXfkgFkz+sSSeu5tqp+Yye5w18h5wQ0hLLCA==
X-Google-Smtp-Source: AGHT+IEMYODc66gaMftCv25Xz5Fuk64wp8eYyiYN39lOlWR3rUqc2yBV7HQPybQJNBwT6T+Ze8tm
X-Received: by 2002:a05:6a00:4209:b0:6ed:d5f5:85e with SMTP id d2e1a72fcca58-702310ed412mr2801446b3a.3.1717081289207;
        Thu, 30 May 2024 08:01:29 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717081289; cv=pass;
        d=google.com; s=arc-20160816;
        b=AB5iFmiYQLA/h7x6oysf+LWU/LBSMfmUe0mEHTzN34A0FT6cN9SaeZs4t8NVzUzJUR
         Wlybhp1ZzK7CNNPW/dC8cC6Mzl5m4VaxRVVmxnGgomcTfrmAb1h5BucMvNQyXbVvfihf
         wu3UQpJtoK/HF8YxttnQXv+1ScRql8CAw01tcP9dC0q3QZUWSyKviRuVRKoO6i1kFokE
         xkYfA59iP6PVl/k7VFqoBsz5uuHZ1rUBmnY3GN+vaPJoKT3k1Q7ZIXYFJRbaKShiHy4v
         E5BmTrxlkyWmYv5VrydL5vDwklv0tghOX3UE0ka85zBQpR+HTshs+LQpIduQZA6gbnlB
         xlrQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=+voq7RRAQnOrCL2uBtVCTK2v+9xkPPU2uvrgFfhEdd4=;
        fh=uo5u2TQK/HQlhydMwGLjBAnuDwaLxndJ/cgWTjIagS8=;
        b=lHmDYC2wscT82XztHH1t34Ieof77ySuvGz4pkRQmFqseUOFkAQYQtdVBHOW2N72f6m
         xu9y59huwD0/8CVSdry222EAm0vCxaiQHhsC0aQzYBV6EAdJMA2239uvtXxMiqWp0DnV
         xMAQLc709Pjt/h3gqWesd71ZJI2usvnabu2uxVzispU/LNfpqbBadnjJO0EjPpfOjWLj
         bB022QLf3H6wfPQzcwq1zMxVTgz11I5/I7qQHGrONVF0iEJ8EyyhqBZGPE5y8n+I2bI4
         i91wdJZmsJMpuGVOMz0nQpTApmYuj+HT9b5Km37CXQnKkG2OnKz34qMci6J2+Bf2LZ25
         nlNA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=hadess.net);
       spf=pass (google.com: domain of linux-bluetooth+bounces-5037-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-5037-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-bluetooth+bounces-5037-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id d2e1a72fcca58-7022d915b0bsi2050966b3a.147.2024.05.30.08.01.28
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 30 May 2024 08:01:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-5037-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=hadess.net);
       spf=pass (google.com: domain of linux-bluetooth+bounces-5037-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-5037-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 63BCAB23205
	for <linux.lists.archive@gmail.com>; Thu, 30 May 2024 15:01:14 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 30DFE17E445;
	Thu, 30 May 2024 15:01:03 +0000 (UTC)
X-Original-To: linux-bluetooth@vger.kernel.org
Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3534B16F0DA
	for <linux-bluetooth@vger.kernel.org>; Thu, 30 May 2024 15:01:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.200
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717081262; cv=none; b=e+jGp9CYP5vQacmP44ObncQIfRSqbbAglf1EltcHdJ7SiF6JB6XcooyXKBj4LBohDOzExtmdVyeunCAN373LH85mwYQ+fj37agYON6JxJsMG5p5NieRAC0cxdU7t5lK3MfAPRuTbOH2eM/9xytKwAemnvnzCGSy6JnmoBAeQwng=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717081262; c=relaxed/simple;
	bh=gfZu0KVCoQ5wGva5wZeqr64mlcdoNf+tqpQU6FXiceA=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=CCMtPKDcpfFdpJU1/59feWaAQzOVrTERcpnI76XrcLU/0eGXDGdu29ISgz4dSqzgPAlyQmPSa7OLYSOF3v/oIcLAZbRwNvJLo6t3emyi1FFazWKOOF4Kmr03696sRkVXWrEDFSMubBjRpa5RuYxrX706j27c7Hty1jM2Hhv7eLY=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.200
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net
Received: by mail.gandi.net (Postfix) with ESMTPSA id 0CF722000B;
	Thu, 30 May 2024 15:00:57 +0000 (UTC)
From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Cc: Bastien Nocera <hadess@hadess.net>
Subject: [BlueZ 1/9] rctest: Fix possible overrun
Date: Thu, 30 May 2024 16:57:55 +0200
Message-ID: <20240530150057.444585-2-hadess@hadess.net>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240530150057.444585-1-hadess@hadess.net>
References: <20240530150057.444585-1-hadess@hadess.net>
Precedence: bulk
X-Mailing-List: linux-bluetooth@vger.kernel.org
List-Id: <linux-bluetooth.vger.kernel.org>
List-Subscribe: <mailto:linux-bluetooth+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-bluetooth+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-GND-Sasl: hadess@hadess.net

Error: OVERRUN (CWE-119): [#def57] [important]
bluez-5.76/tools/rctest.c:556:3: return_constant: Function call "read(fd, buf, data_size)" may return -1. [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.76/tools/rctest.c:556:3: assignment: Assigning: "len" = "read(fd, buf, data_size)". The value of "len" is now -1.
bluez-5.76/tools/rctest.c:557:3: overrun-buffer-arg: Calling "send" with "buf" and "len" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
555|		}
556|		len = read(fd, buf, data_size);
557|->		send(sk, buf, len, 0);
558|		close(fd);
559|		return;
---
 tools/rctest.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/rctest.c b/tools/rctest.c
index d31180880ef4..ff91eb2f159d 100644
--- a/tools/rctest.c
+++ b/tools/rctest.c
@@ -554,7 +554,8 @@ static void do_send(int sk)
 			exit(1);
 		}
 		len = read(fd, buf, data_size);
-		send(sk, buf, len, 0);
+		if (len > 0)
+			send(sk, buf, len, 0);
 		close(fd);
 		return;
 	} else {
-- 
2.45.1