path: root/lib/private.h
author    John Levon <john.levon@nutanix.com>  2024-08-19 11:44:36 +0100
committer GitHub <noreply@github.com>  2024-08-19 11:44:36 +0100
commit    b1a156d86f55a8fa3f78ece5bee7748ec75e7b82 (patch)
tree      d42e16fc3fb1ef6a1a0cabf1a48a823904ff3e3f /lib/private.h
parent    3f1500b384cd5aca13b517ebd4055727f35dc14f (diff)
Add further sanity checking of hdr->error_no (#805)  (HEAD, master)
>>> CID 467267: Insecure data handling (INTEGER_OVERFLOW)
>>> The cast of "hdr->error_no" to a signed type could result in a negative number.

Indeed, if a client sends a very large ->error_no, this could end up with a negative errno value. This doesn't seem like an issue, but nonetheless tighten up our validation.

For some reason Coverity only complained about tran_pipe.c, but the same problem exists in tran_sock.c.

Signed-off-by: John Levon <john.levon@nutanix.com>
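The conversion problem the commit message describes, and the shape of the bound check the new macro supports, shown as an added example. This is not libvfio-user's own code: the `struct msg_hdr` with a single `uint32_t error_no` field, the two `errno_from_hdr_*` functions and the constructed input values are assumptions made here for illustration; only the `SERVER_MAX_ERROR_NO` value of 4096 comes from the patch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical stand-in for the wire header; only the field the commit
 * is about is modelled. The real header type lives elsewhere in libvfio-user.
 */
struct msg_hdr {
    uint32_t error_no;      /* errno value supplied by the peer, unsigned on the wire */
};

/* Same value the patch adds to lib/private.h. */
#define SERVER_MAX_ERROR_NO (4096)

/*
 * "Before" behaviour: the peer-controlled 32-bit value is stored straight
 * into an int (which is what happens when it is assigned to errno). For any
 * value >= 2^31 the conversion is implementation-defined in C and, on every
 * mainstream two's-complement toolchain, yields a negative number.
 */
int errno_from_hdr_unchecked(const struct msg_hdr *hdr)
{
    int err = hdr->error_no;    /* implicit uint32_t -> int conversion */
    return err;
}

/*
 * "After" behaviour: bound the value while it is still unsigned, before it
 * is ever converted. Anything above SERVER_MAX_ERROR_NO is treated as a
 * protocol error: return -1 with errno = EINVAL, the usual "return -1 and
 * set errno" convention. On success the validated errno is stored in *out
 * and 0 is returned; *out is then always within [0, SERVER_MAX_ERROR_NO].
 */
int errno_from_hdr_checked(const struct msg_hdr *hdr, int *out)
{
    if (hdr->error_no > SERVER_MAX_ERROR_NO) {
        errno = EINVAL;
        return -1;
    }
    *out = (int)hdr->error_no;  /* safe: 4096 fits comfortably in int */
    return 0;
}

int main(void)
{
    /* Constructed inputs: a sane reply and a hostile one. */
    struct msg_hdr sane = { .error_no = ENOENT };
    struct msg_hdr huge = { .error_no = 0xFFFFFFF0u };
    int err = 0;

    printf("unchecked: sane -> %d, huge -> %d\n",
           errno_from_hdr_unchecked(&sane), errno_from_hdr_unchecked(&huge));

    if (errno_from_hdr_checked(&sane, &err) == 0)
        printf("checked:   sane -> accepted, errno value %d\n", err);
    if (errno_from_hdr_checked(&huge, &err) == -1)
        printf("checked:   huge -> rejected, errno=%d (EINVAL=%d)\n", errno, EINVAL);
    return 0;
}
```

The point of doing the comparison on the unsigned field is that the bound is applied before any conversion can change the sign; comparing after assigning to an `int` would already be too late, because the negative value compares below 4096.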
Diffstat (limited to 'lib/private.h')
-rw-r--r--  lib/private.h  6
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/private.h b/lib/private.h
index e3d97b3..b89df8b 100644
--- a/lib/private.h
+++ b/lib/private.h
@@ -62,6 +62,12 @@
sizeof(struct vfio_user_region_access))
/*
+ * Maximum value we are prepared to accept in hdr->error_no. Somewhat arbitrary
+ * value low enough to avoid any signed conversion issues.
+ */
+#define SERVER_MAX_ERROR_NO (4096)
+
+/*
* Structure used to hold an in-flight request+reply.
*
* Incoming request body and fds are stored in in.*.
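Review bot: the SERVER_MAX_ERROR_NO macro added in this hunk has no user within the diff shown (the diffstat is limited to lib/private.h), so the comparison in tran_pipe.c and tran_sock.c that the commit message says closes the Coverity finding needs to be reviewed alongside it, specifically to confirm it tests hdr->error_no while the value is still unsigned and before any conversion to int or assignment to errno; if the check happens after the conversion, the "low enough to avoid any signed conversion issues" rationale in the comment does not hold. It would also help to state in the comment why 4096 in particular was chosen (a plausibility limit on errno values, since any bound below INT_MAX already avoids the sign problem), so that a later reader does not "loosen" it to a much larger value that still looks safe.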