Skip to content

coverity misc fixes

asmadeus requested to merge asmadeus/l2tpns:coverity into master

See individual commits (assuming all valid 'high' priority issues will be done at some point, picked at random):

processudp: fix memory leak

send/recvchalresponse should be freed before early returns in the function,
as there are code paths where they would be allocated before these.

Note free is no-op on null pointer so checking for non-null value is useless.

Reported-by: Coverity#375342
sendarp: fix out of bound read on mac address

mac address is only 6 bytes, which we specify in sll_halen, so do not try to
read more than that into sll_addr.

Reported-by: Coverity#375313
bgp_write: fix sent data (offset) on partial write

&peer->outbuf->packet has a non-1 size, so &foo + offset would
incorrectly offset by sizeof(packet) * offset, while it is meant as a
byte offset.

Cast to char * to have a simple offset.

Reported-by: Coverity#375309
pppoe_sess_send: check packet length before reading header

if the packet is too small then reading pack + ETH_HLEN is invalid, first
check that the packet is big enough then read the header at an offset we
know is valid

Reported-by: Coverity#375305

Merge request reports