[Openvpn-devel,v2] phase2_tcp_server: fix Coverity issue "Dereference after null check"

Message ID 20240325071448.12143-1-gert@greenie.muc.de
State Accepted
Headers show
Series [Openvpn-devel,v2] phase2_tcp_server: fix Coverity issue "Dereference after null check" | expand

Commit Message

Gert Doering March 25, 2024, 7:14 a.m. UTC
From: Frank Lichtenheld <frank@lichtenheld.com>

As Coverity says:
Either the check against null is unnecessary, or there may be a null
pointer dereference.
In phase2_tcp_server: Pointer is checked against null but then
dereferenced anyway

There is only one caller (link_socket_init_phase2) and it already has
an ASSERT(sig_info). So use that here was well.

 - fix cleanly by actually asserting that sig_info is defined

Change-Id: I8ef199463d46303129a3f563fd9eace780a58b8a
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/490
This mail reflects revision 2 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>


Gert Doering March 25, 2024, 5:22 p.m. UTC | #1
This is arguably a correct fix, though we could go a bit further in
terms of refactoring and fully get rid of signal_received - if my
understanding of the code is correct, it's only passed to a single
function (socket_listen_accept()), which is only called from here - 
so "just pass on sig_info and use that" would be a bit less convoluted.

But that's refactoring, so for future master...

Lightly tested on the server framework.

Your patch has been applied to the master and release/2.6 branch.

commit e8c629fe64c67ea0a8454753be99db44df7ce53e (master)
commit 5591af17694d98054da2cdf4cfd42508a8a4fb8e (release/2.6)
Author: Frank Lichtenheld
Date:   Mon Mar 25 08:14:48 2024 +0100

     phase2_tcp_server: fix Coverity issue 'Dereference after null check'

     Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
     Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
     Message-Id: <20240325071448.12143-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28452.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>

kind regards,

Gert Doering


diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index 480f4e5..387cb40 100644
--- a/src/openvpn/socket.c
+++ b/src/openvpn/socket.c
@@ -2005,7 +2005,8 @@ 
 phase2_tcp_server(struct link_socket *sock, const char *remote_dynamic,
                   struct signal_info *sig_info)
-    volatile int *signal_received = sig_info ? &sig_info->signal_received : NULL;
+    ASSERT(sig_info);
+    volatile int *signal_received = &sig_info->signal_received;
     switch (sock->mode)
         case LS_MODE_DEFAULT:
@@ -2031,7 +2032,7 @@ 
             if (!socket_defined(sock->sd))
-                register_signal(sig_info, SIGTERM, "socket-undefiled");
+                register_signal(sig_info, SIGTERM, "socket-undefined");