diff options
author | John Levon <john.levon@nutanix.com> | 2024-08-19 11:44:36 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-19 11:44:36 +0100 |
commit | b1a156d86f55a8fa3f78ece5bee7748ec75e7b82 (patch) | |
tree | d42e16fc3fb1ef6a1a0cabf1a48a823904ff3e3f /lib/private.h | |
parent | 3f1500b384cd5aca13b517ebd4055727f35dc14f (diff) | |
download | libvfio-user-master.zip libvfio-user-master.tar.gz libvfio-user-master.tar.bz2 |
>>> CID 467267: Insecure data handling (INTEGER_OVERFLOW)
>>> The cast of "hdr->error_no" to a signed type could result in a negative number.
Indeed, if a client sends a very large ->error_no, this could end up
with a negative errno value. This doesn't seem like an issue, but
nonetheless tighten up our validation.
For some reason Coverity only complained about tran_pipe.c, but the same
problem exists in tran_sock.c.
Signed-off-by: John Levon <john.levon@nutanix.com>
Diffstat (limited to 'lib/private.h')
-rw-r--r-- | lib/private.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/private.h b/lib/private.h index e3d97b3..b89df8b 100644 --- a/lib/private.h +++ b/lib/private.h @@ -62,6 +62,12 @@ sizeof(struct vfio_user_region_access)) /* + * Maximum value we are prepared to accept in hdr->error_no. Somewhat arbitrary + * value low enough to avoid any signed conversion issues. + */ +#define SERVER_MAX_ERROR_NO (4096) + +/* * Structure used to hold an in-flight request+reply. * * Incoming request body and fds are stored in in.*. |