From faf9d7730828b80814a233eeecf7affc046193d3 Mon Sep 17 00:00:00 2001 From: Dave Wallace Date: Thu, 26 Oct 2017 16:12:04 -0400 Subject: [PATCH] VCL-LDPRELOAD: Fix more coverity warnings vcom.c: CID 178227: Logically dead code in vcom.c vcom_socket.c: CID 178254: Dereference after null check CID 178250: Out-of-bounds access vppcom.c: CID 178252: Unused value Suppress vppcom_session_attr() debug output. Change-Id: I1d47bafb84fc0ad00c642392ae3cb6761fd3fb17 Signed-off-by: Dave Wallace --- src/vcl/vcom.c | 6 +----- src/vcl/vcom_socket.c | 17 ++++++++++++----- src/vcl/vppcom.c | 15 +++++++++------ 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/src/vcl/vcom.c b/src/vcl/vcom.c index 9bd5e0e54a2..be1e4c5b47a 100644 --- a/src/vcl/vcom.c +++ b/src/vcl/vcom.c @@ -1283,11 +1283,7 @@ vcom_select (int __nfds, fd_set * __restrict __readfds, vcom_fd_set_merge ( /* dest, select sets */ &new_nfds, - __readfds, - __writefds, - __exceptfds, - __readfds || __writefds || __exceptfds ? - &new_nfd : NULL, + __readfds, __writefds, __exceptfds, &new_nfd, /* src1, vcom sets */ vcom_nfds, __readfds ? &vcom_readfds : NULL, diff --git a/src/vcl/vcom_socket.c b/src/vcl/vcom_socket.c index 6ce15148d21..5918f6b73d1 100644 --- a/src/vcl/vcom_socket.c +++ b/src/vcl/vcom_socket.c @@ -1607,10 +1607,11 @@ vcom_session_recvfrom (int __sid, void *__restrict __buf, size_t __n, { int rv; vppcom_endpt_t ep; + u8 src_addr[sizeof (struct sockaddr_in6)]; if (__addr) { - ep.ip = (u8 *) & ((const struct sockaddr_in *) __addr)->sin_addr; + ep.ip = src_addr; rv = vppcom_session_recvfrom (__sid, __buf, __n, __flags, &ep); if (rv > 0) 
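Review bot: In vcom_session_recvfrom, `u8 src_addr[sizeof (struct sockaddr_in6)]` is sized as a whole sockaddr although it only ever receives an IP address through `ep.ip`, which misstates what the buffer holds. Sizing it as `u8 src_addr[sizeof (struct in6_addr)];` with a comment such as `/* scratch for the peer address written via ep.ip; copied into __addr after the call */` would state the contract. The rest of `ep` is still uninitialised when it is passed down, so the later reads of `ep.port` rely on vppcom_session_recvfrom() filling every field that is consumed afterwards. The function body continues outside the hunk.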
@@ -1623,16 +1624,22 @@ vcom_session_recvfrom (int __sid, void *__restrict __buf, size_t __n, { case AF_INET: ((struct sockaddr_in *) __addr)->sin_port = ep.port; + memcpy (&((struct sockaddr_in *) __addr)->sin_addr, + src_addr, sizeof (struct in_addr)); + *__addr_len = sizeof (struct sockaddr_in); break; case AF_INET6: ((struct sockaddr_in6 *) __addr)->sin6_port = ep.port; + memcpy (((struct sockaddr_in6 *) __addr)->sin6_addr. + __in6_u.__u6_addr8, src_addr, + sizeof (struct in6_addr)); *__addr_len = sizeof (struct sockaddr_in6); break; default: - rv = -1; + rv = -EAFNOSUPPORT; break; } } @@ -1826,6 +1833,9 @@ vcom_socket_getsockopt (int __fd, int __level, int __optname, uword *p; vcom_socket_t *vsock; + if (!__optval || !__optlen) + return -EINVAL; + p = hash_get (vsm->sockidx_by_fd, __fd); if (!p) return -EBADF; @@ -1837,9 +1847,6 @@ vcom_socket_getsockopt (int __fd, int __level, int __optname, if (vsock->type != SOCKET_TYPE_VPPCOM_BOUND) return -EINVAL; - if (!__optval && !__optlen) - return -EFAULT; - switch (__level) { case SOL_SOCKET: diff --git a/src/vcl/vppcom.c b/src/vcl/vppcom.c index 75e86c843cc..acfeb205e2d 100644 --- a/src/vcl/vppcom.c +++ b/src/vcl/vppcom.c @@ -3284,7 +3284,7 @@ vppcom_session_attr (uint32_t session_index, uint32_t op, { case VPPCOM_ATTR_GET_NREAD: rv = vppcom_session_read_ready (session, session_index); - if (VPPCOM_DEBUG > 0) + if (VPPCOM_DEBUG > 1) clib_warning ("VPPCOM_ATTR_GET_NREAD: nread = %d", rv); break; @@ -3298,7 +3298,7 @@ vppcom_session_attr (uint32_t session_index, uint32_t op, { *flags = O_RDWR | ((session->is_nonblocking) ? O_NONBLOCK : 0); *buflen = sizeof (*flags); - if (VPPCOM_DEBUG > 0) + if (VPPCOM_DEBUG > 1) clib_warning ("VPPCOM_ATTR_GET_FLAGS: flags = 0x%08x, " "is_nonblocking = %u", *flags, session->is_nonblocking); 
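Review bot: Both cases in vcom_session_recvfrom now write through `__addr` and `*__addr_len` without consulting the length the caller passed in, and nothing in the hunk checks `__addr_len` for NULL. A caller that supplied a `struct sockaddr_in`-sized buffer and gets an AF_INET6 peer would have the 16-byte `memcpy` into `sin6_addr` run past its buffer. A guard ahead of the copy would close this, for example `if (!__addr_len || *__addr_len < sizeof (struct sockaddr_in6)) { rv = -EINVAL; break; }` with the matching size in the AF_INET case, or the copy could be truncated to the caller's length as recvfrom(2) does. The destination is also better spelled `sin6_addr.s6_addr` than the glibc-internal `__in6_u.__u6_addr8`. The switch expression and the rest of the function are outside the hunk, so any earlier validation is not visible here.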
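Review bot: The new NULL check in vcom_socket_getsockopt returns `-EINVAL`, where the check it replaces returned `-EFAULT`, and getsockopt(2) documents EFAULT for an invalid `optval`/`optlen` address. Since this is an LD_PRELOAD shim, applications will expect the libc errno, so `return -EFAULT;` is the closer match. The check also now runs before the `hash_get` lookup, so a bad descriptor combined with a NULL pointer reports the pointer error instead of `-EBADF`; placing it after the `vsock->type` test would keep the previous ordering. The function body continues outside the hunk.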
@@ -3311,7 +3311,7 @@ vppcom_session_attr (uint32_t session_index, uint32_t op, if (buffer && buflen && (*buflen >= sizeof (*flags))) { session->is_nonblocking = (*flags & O_NONBLOCK) ? 1 : 0; - if (VPPCOM_DEBUG > 0) + if (VPPCOM_DEBUG > 1) clib_warning ("VPPCOM_ATTR_SET_FLAGS: flags = 0x%08x, " "is_nonblocking = %u", *flags, session->is_nonblocking); @@ -3333,7 +3333,7 @@ vppcom_session_attr (uint32_t session_index, uint32_t op, clib_memcpy (ep->ip, &session->peer_addr.ip46.ip6, sizeof (ip6_address_t)); *buflen = sizeof (*ep); - if (VPPCOM_DEBUG > 0) + if (VPPCOM_DEBUG > 1) clib_warning ("VPPCOM_ATTR_GET_PEER_ADDR: sid %u is_ip4 = %u, " "addr = %U, port %u", session_index, ep->is_ip4, format_ip46_address, @@ -3357,7 +3357,7 @@ vppcom_session_attr (uint32_t session_index, uint32_t op, clib_memcpy (ep->ip, &session->lcl_addr.ip46.ip6, sizeof (ip6_address_t)); *buflen = sizeof (*ep); - if (VPPCOM_DEBUG > 0) + if (VPPCOM_DEBUG > 1) clib_warning ("VPPCOM_ATTR_GET_LCL_ADDR: sid %u is_ip4 = %u, " "addr = %U port %d", session_index, ep->is_ip4, format_ip46_address, @@ -3414,7 +3414,9 @@ vppcom_session_recvfrom (uint32_t session_index, void *buffer, if (VPPCOM_DEBUG > 0) clib_warning ("[%d] invalid session, sid (%u) has been closed!", vcm->my_pid, session_index); - rv = VPPCOM_EINVAL; + rv = VPPCOM_EBADFD; + clib_spinlock_unlock (&vcm->sessions_lockp); + goto done; } ep->vrf = session->vrf; ep->is_ip4 = session->peer_addr.is_ip4; @@ -3438,6 +3440,7 @@ vppcom_session_recvfrom (uint32_t session_index, void *buffer, rv = VPPCOM_EAFNOSUPPORT; } +done: return rv; } -- 2.16.6
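Review bot: The added `clib_spinlock_unlock (&vcm->sessions_lockp);` on the invalid-session path of vppcom_session_recvfrom must be the only release on that path, and the lines that open this block are outside the hunk, so that cannot be confirmed from here. If the block already unlocks before the debug warning, this would release the lock twice. If it does not, a comment such as `/* drop sessions_lockp before bailing out; session is not valid here */` would make the lock/unlock pairing explicit. The `done:` label added in the following hunk only returns `rv`, so a plain `return rv;` after the unlock would read the same unless more cleanup is planned there.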