From c2810b32cde694a8e245a4f10aa5ce839ad866c7 Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Fri, 19 Nov 2021 11:49:48 +0100
Subject: [PATCH] snort: fix coverity warning

Add error handling for incomplete read.

Type: fix
Fixes: 839b1473e9
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: Ibf1b2f633793510244ea1aa6af0902021aeb67ad
---
 src/plugins/snort/main.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/plugins/snort/main.c b/src/plugins/snort/main.c
index d05b6310891..6b7e49a23ad 100644
--- a/src/plugins/snort/main.c
+++ b/src/plugins/snort/main.c
@@ -195,9 +195,18 @@ snort_deq_ready (clib_file_t *uf)
   snort_per_thread_data_t *ptd =
     vec_elt_at_index (sm->per_thread_data, vm->thread_index);
   u64 counter;
+  ssize_t bytes_read;
 
-  if (read (uf->file_descriptor, &counter, sizeof (counter)) < 0)
-    return clib_error_return (0, "client closed socket");
+  bytes_read = read (uf->file_descriptor, &counter, sizeof (counter));
+  if (bytes_read < 0)
+    {
+      return clib_error_return (0, "client closed socket");
+    }
+
+  if (bytes_read < sizeof (counter))
+    {
+      return clib_error_return (0, "unexpected truncated read");
+    }
 
   clib_interrupt_set (ptd->interrupts, uf->private_data);
   vlib_node_set_interrupt_pending (vm, snort_deq_node.index);
-- 
2.16.6