RDKB-64588: High impact coverity issues in utopia #293
base: develop
Changes from all commits
1f644f8
8717c63
286632e
7923245
1eb7081
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -457,6 +457,7 @@ char cellular_ifname[32]; | |||||||||||||||||||||
| #define IS_EMPTY_STRING(s) ((s == NULL) || (*s == '\0')) | ||||||||||||||||||||||
|
|
||||||||||||||||||||||
| #define BUFLEN_8 8 | ||||||||||||||||||||||
| #define BUFLEN_20 20 | ||||||||||||||||||||||
| #define BUFLEN_32 32 | ||||||||||||||||||||||
| #define BUFLEN_64 64 | ||||||||||||||||||||||
| #define RET_OK 0 | ||||||||||||||||||||||
|
|
@@ -465,6 +466,9 @@ char cellular_ifname[32]; | |||||||||||||||||||||
| #define RESET "reset" | ||||||||||||||||||||||
| #define UP "up" | ||||||||||||||||||||||
|
|
||||||||||||||||||||||
| #define STR_HELPER(x) #x | ||||||||||||||||||||||
| #define STR(x) STR_HELPER(x) | ||||||||||||||||||||||
|
|
||||||||||||||||||||||
| #if defined (FEATURE_MAPT) || defined (FEATURE_SUPPORT_MAPT_NAT46) | ||||||||||||||||||||||
| #define SYSEVENT_MAPT_CONFIG_FLAG "mapt_config_flag" | ||||||||||||||||||||||
| #define SYSEVENT_MAPT_IP_ADDRESS "mapt_ip_address" | ||||||||||||||||||||||
|
|
@@ -1824,6 +1828,7 @@ static int substitute(char *in_str, char *out_str, const int size, char *from, c | |||||||||||||||||||||
| * $ACCEPT $DROP $REJECT and | ||||||||||||||||||||||
| * QoS classes $HIGH, $MEDIUM, $NORMAL, $LOW | ||||||||||||||||||||||
| */ | ||||||||||||||||||||||
| #define TOKEN_MAX_LEN 50 | ||||||||||||||||||||||
| char *make_substitutions(char *in_str, char *out_str, const int size) | ||||||||||||||||||||||
| { | ||||||||||||||||||||||
| char *in_str_p = in_str; | ||||||||||||||||||||||
|
|
@@ -1832,9 +1837,9 @@ char *make_substitutions(char *in_str, char *out_str, const int size) | |||||||||||||||||||||
| char *out_str_end = out_str + size; | ||||||||||||||||||||||
| // FIREWALL_DEBUG("Entering *make_substitutions\n"); | ||||||||||||||||||||||
| while (in_str_p < in_str_end && out_str_p < out_str_end) { | ||||||||||||||||||||||
| char token[50]; | ||||||||||||||||||||||
| char token[TOKEN_MAX_LEN + 1]; | ||||||||||||||||||||||
| if ('$' == *in_str_p) { | ||||||||||||||||||||||
| sscanf(in_str_p, "%50s", token); | ||||||||||||||||||||||
| sscanf(in_str_p, "%" STR(TOKEN_MAX_LEN) "s", token); | ||||||||||||||||||||||
| in_str_p += strlen(token); | ||||||||||||||||||||||
| if (0 == strcmp(token, "$WAN_IPADDR")) { | ||||||||||||||||||||||
| out_str_p += snprintf(out_str_p, out_str_end-out_str_p, "%s", current_wan_ipaddr); | ||||||||||||||||||||||
|
|
@@ -1905,9 +1910,9 @@ static char *match_keyword(FILE *fp, char *keyword, char delim, char *line, int | |||||||||||||||||||||
| * handle space differently | ||||||||||||||||||||||
| */ | ||||||||||||||||||||||
| if (' ' == delim) { | ||||||||||||||||||||||
| char local_name[50]; | ||||||||||||||||||||||
| char local_name[TOKEN_MAX_LEN + 1]; | ||||||||||||||||||||||
| local_name[0] = '\0'; | ||||||||||||||||||||||
| sscanf(line, "%50s ", local_name); | ||||||||||||||||||||||
| sscanf(line, "%" STR(TOKEN_MAX_LEN) "s", local_name); | ||||||||||||||||||||||
| next = line + strlen(local_name); | ||||||||||||||||||||||
| if (next-line > size) { | ||||||||||||||||||||||
| continue; | ||||||||||||||||||||||
|
|
@@ -9824,9 +9829,9 @@ static int prepare_host_detect(FILE * fp) | |||||||||||||||||||||
| char buf[1024]; | ||||||||||||||||||||||
| if (NULL != kh_fp) { | ||||||||||||||||||||||
| while (NULL != fgets(buf, sizeof(buf), kh_fp)) { | ||||||||||||||||||||||
| char ip[20]; | ||||||||||||||||||||||
| char mac[20]; | ||||||||||||||||||||||
| sscanf(buf, "%20s %20s", ip, mac); | ||||||||||||||||||||||
| char ip[BUFLEN_20 + 1]; | ||||||||||||||||||||||
| char mac[BUFLEN_20 + 1]; | ||||||||||||||||||||||
| sscanf(buf, "%" STR(BUFLEN_20) "s" "%" STR(BUFLEN_20) "s", ip, mac); | ||||||||||||||||||||||
| fprintf(fp, "-A host_detect -i %s -s %s -j RETURN\n", lan_ifname, ip); | ||||||||||||||||||||||
|
Comment on lines
+9832
to
9835
|
||||||||||||||||||||||
| char ip[BUFLEN_20 + 1]; | |
| char mac[BUFLEN_20 + 1]; | |
| sscanf(buf, "%20s %20s", ip, mac); | |
| fprintf(fp, "-A host_detect -i %s -s %s -j RETURN\n", lan_ifname, ip); | |
| char ip[BUFLEN_20 + 1] = {0}; | |
| char mac[BUFLEN_20 + 1] = {0}; | |
| if (sscanf(buf, "%20s %20s", ip, mac) != 2) { | |
| continue; | |
| } | |
| fprintf(fp, "-A host_detect -i %s -s %s -j RETURN\n", lan_ifname, ip); |
Copilot
AI
Apr 23, 2026
BUFLEN_20 is introduced for the ip/mac buffers, but the scan widths are still hard-coded as "%20s". Consider tying the scan width to BUFLEN_20 (stringified macro) so future changes to the constant can't silently reintroduce a buffer sizing mismatch.
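Review bot: In the prepare_host_detect hunk the `ip` token goes from `sscanf` straight into the `-A host_detect -i %s -s %s -j RETURN` line, so any run of up to 20 non-whitespace characters in that file becomes part of a firewall rule; where the contents of `kh_fp` come from is not visible here, so this is worth confirming. A check before the `fprintf`, such as `struct in_addr a; if (inet_pton(AF_INET, ip, &a) != 1) continue;`, would keep malformed entries out of the generated rule set (assuming the entries are IPv4 and `<arpa/inet.h>` is available in this file). Separately, `STR(BUFLEN_20)` and `STR(TOKEN_MAX_LEN)` only produce a valid scan width while those macros stay bare decimal literals, so a comment at their definitions like `/* must be a plain decimal literal: stringified into scanf widths */` would guard against a later `(20)` or `20U`. The enclosing function bodies extend beyond the hunks shown.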
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -295,7 +295,7 @@ int ulog_GetProcId(size_t size, char *name, pid_t *pid) | |
| The name will be extracted with a final ')' which needs to be dropped | ||
| before writing the final result to "name". | ||
| */ | ||
| sscanf(buf, "%*d (%1023s", str); | ||
| sscanf(buf, "%*d (%63s", str); | ||
|
|
||
|
Comment on lines
+298
to
299
|
||
| len = strlen(str); | ||
|
Comment on lines
+298
to
300
|
||
| if (len > 0) | ||
|
|
||
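Review bot: The result of `sscanf(buf, "%*d (%63s", str)` is not examined before `len = strlen(str)`, so a line that does not match the `pid (name` shape leaves `str` with whatever it held before; whether `str` is initialised is outside this hunk. Something like `if (sscanf(buf, "%*d (%63s", str) != 1) str[0] = '\0';` would make the existing `if (len > 0)` guard skip that case cleanly. The width is also a literal `63` here, so it presumably has to be kept in step by hand with the declaration of `str`, which is not shown; a short comment next to the call naming that dependency, or a shared constant, would help. ulog_GetProcId's body starts and ends outside the hunk.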
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -74,6 +74,9 @@ | |
|
|
||
| #define CALCULATE_CRC32_TABLE_ENTRY(X) (((X) & 1) ? (POLYNOMIAL^ ((X) >> 1)) : ((X) >> 1)) | ||
|
|
||
| #define BUFLEN_10 10 | ||
| #define STR_HELPER(x) #x | ||
| #define STR(x) STR_HELPER(x) | ||
| /* | ||
| * utapi.c - | ||
| */ | ||
|
|
@@ -4273,8 +4276,8 @@ static int s_getiap (UtopiaContext *ctx, int index, iap_entry_t *iap) | |
| app[j].proto = s_StrToEnum(g_ProtocolMap, buf); | ||
|
|
||
| Utopia_GetIndexed2(ctx, UtopiaValue_IAP_BlockPortRange, index, i+1, buf, sizeof(buf)); | ||
| char sport[10], eport[10]; | ||
| if (2 == (sscanf(buf, "%10s %10s", sport, eport))) { | ||
| char sport[BUFLEN_10 + 1], eport[BUFLEN_10 + 1]; | ||
| if (2 == (sscanf(buf, "%" STR(BUFLEN_10) "s" "%" STR(BUFLEN_10) "s", sport, eport))) { | ||
| app[j].port.start = atoi(sport); | ||
|
Comment on lines
+4279
to
4281
|
||
| app[j].port.end = atoi(eport); | ||
| } | ||
|
|
||
`TOKEN_MAX_LEN` is introduced for buffer sizing, but the scan width is still hard-coded as `"%50s"`. This couples the format string to the macro value and is easy to desync in the future (reintroducing the overflow). Consider deriving the scan width from `TOKEN_MAX_LEN` (e.g., via a stringified macro) or keep a single source of truth for both.
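Review bot: In the s_getiap hunk the two tokens are bounded correctly now, but they are then converted with `atoi(sport)` and `atoi(eport)`, which cannot report non-numeric text and has undefined behaviour on out-of-range input, so a stored value such as `abc` or `99999` turns into a port number without complaint. Parsing with `strtol` and rejecting anything outside 0..65535, e.g. `long v = strtol(sport, &end, 10); if (end == sport || *end != '\0' || v < 0 || v > 65535) continue;`, and then checking that start does not exceed end, would keep bad ranges out of the block list. The type of `port.start` and the surrounding loop are outside the hunk, so the right failure action (`continue` or an error return) needs confirming against the rest of the function.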