[][kernel][common][hnat][Fix Coverity scan warning]
[Description]
Fix Coverity scan warning.
- Fix sscanf arbitrarily string issue in hnat_whnat_write().
- Fix sscanf arbitrarily string issue in hnat_sched_write().
- Fix sscanf arbitrarily string issue in hnat_static_entry_write().
- Fix null check issue in mtk_pong_hqos_handler().
- Fix uncheck return issue in mtk_hqos_ptype_cb().
[Release-log]
N/A
Change-Id: Ib6f772779d8b56233c355d50af7bdf1d72aedb11
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/6861279
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_eth_soc.c
index 98507af..89f1150 100755
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_eth_soc.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_eth_soc.c
@@ -4041,9 +4041,10 @@
if (!of_property_read_string(to_of_node(fixed_node),
"label", &label)) {
- if (strlen(label) < 16)
- strcpy(phylink_priv->label, label);
- else
+ if (strlen(label) < 16) {
+ strncpy(phylink_priv->label, label,
+ strlen(label));
+ } else
dev_err(eth->dev, "insufficient space for label!\n");
}
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c
index 81d528f..7c08cfd 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_debugfs.c
@@ -1298,7 +1298,7 @@
if (copy_from_user(line, buf, length))
return -EFAULT;
- if (sscanf(line, "%s %d", name, &enable) != 2)
+ if (sscanf(line, "%15s %1d", name, &enable) != 2)
return -EFAULT;
line[length] = '\0';
@@ -2015,9 +2015,18 @@
if (copy_from_user(line, buf, length))
return -EFAULT;
- if (sscanf(line, "%d %s %d", &enable, scheduling, &rate) != 3)
+ if (sscanf(line, "%1d %3s %9d", &enable, scheduling, &rate) != 3)
return -EFAULT;
+#if defined(CONFIG_MEDIATEK_NETSYS_V3)
+ if (rate > 100000000 || rate < 0 ||
+ rate > 100000000 || rate < 0)
+#else
+ if (rate > 10000000 || rate < 0 ||
+ rate > 10000000 || rate < 0)
+#endif
+ return -EINVAL;
+
while (rate > 127) {
rate /= 10;
exp++;
@@ -2688,7 +2697,8 @@
buf[len] = '\0';
#if defined(CONFIG_MEDIATEK_NETSYS_V3)
- if (sscanf(buf, "%d %x %x %x %hx %hx %x %x %x %hx %hx %s %s %x %x %x",
+ if (sscanf(buf,
+ "%5d %8x %8x %8x %hx %hx %8x %8x %8x %hx %hx %18s %18s %4x %4x %4x",
&hash,
&entry.ipv4_hnapt.info_blk1,
&entry.ipv4_hnapt.sip,
@@ -2703,27 +2713,20 @@
dmac_str, smac_str, &tport_id, &tops_entry, &cdrt_id) != 16)
return -EFAULT;
- entry.ipv4_hnapt.tport_id = tport_id;
- entry.ipv4_hnapt.tops_entry = tops_entry;
- entry.ipv4_hnapt.cdrt_id = cdrt_id;
-
- if ((hash >= hnat_priv->foe_etry_num) || (hash < -1) ||
- (tport_id > 16) || (tport_id < 0) ||
- (tops_entry > 64) || (tops_entry < 0) ||
- (cdrt_id > 255) || (cdrt_id < 0) ||
- (entry.ipv4_hnapt.sport > 65535) ||
- (entry.ipv4_hnapt.sport < 0) ||
- (entry.ipv4_hnapt.dport > 65535) ||
- (entry.ipv4_hnapt.dport < 0) ||
- (entry.ipv4_hnapt.new_sport > 65535) ||
- (entry.ipv4_hnapt.new_sport < 0) ||
- (entry.ipv4_hnapt.new_dport > 65535) ||
- (entry.ipv4_hnapt.new_dport < 0)) {
+ if ((hash >= (int)hnat_priv->foe_etry_num) || (hash < -1) ||
+ (TPORT_ID(tport_id) != tport_id) ||
+ (TOPS_ENTRY(tops_entry) != tops_entry) ||
+ (CDRT_ID(cdrt_id) != cdrt_id)) {
hnat_static_entry_help();
return -EFAULT;
}
+
+ entry.ipv4_hnapt.tport_id = tport_id;
+ entry.ipv4_hnapt.tops_entry = tops_entry;
+ entry.ipv4_hnapt.cdrt_id = cdrt_id;
#else
- if (sscanf(buf, "%d %x %x %x %hx %hx %x %x %x %hx %hx %s %s",
+ if (sscanf(buf,
+ "%5d %8x %8x %8x %hx %hx %8x %8x %8x %hx %hx %18s %18s",
&hash,
&entry.ipv4_hnapt.info_blk1,
&entry.ipv4_hnapt.sip,
@@ -2738,15 +2741,7 @@
dmac_str, smac_str) != 13)
return -EFAULT;
- if ((hash >= hnat_priv->foe_etry_num) || (hash < -1) ||
- (entry.ipv4_hnapt.sport > 65535) ||
- (entry.ipv4_hnapt.sport < 0) ||
- (entry.ipv4_hnapt.dport > 65535) ||
- (entry.ipv4_hnapt.dport < 0) ||
- (entry.ipv4_hnapt.new_sport > 65535) ||
- (entry.ipv4_hnapt.new_sport < 0) ||
- (entry.ipv4_hnapt.new_dport > 65535) ||
- (entry.ipv4_hnapt.new_dport < 0)) {
+ if ((hash >= (int)hnat_priv->foe_etry_num) || (hash < -1)) {
hnat_static_entry_help();
return -EFAULT;
}
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
index 02ec4f0..4b11373 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
@@ -2305,7 +2305,12 @@
mtk_pong_hqos_handler(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- struct vlan_ethhdr *veth = (struct vlan_ethhdr *)skb_mac_header(skb);
+ struct vlan_ethhdr *veth;
+
+ if (!skb)
+ goto drop;
+
+ veth = (struct vlan_ethhdr *)skb_mac_header(skb);
if (IS_HQOS_MODE && eth_hdr(skb)->h_proto == HQOS_MAGIC_TAG) {
skb_hnat_entry(skb) = ntohs(veth->h_vlan_TCI) & 0x3fff;
@@ -2516,7 +2521,8 @@
skb_hnat_entry(skb) = ntohs(veth->h_vlan_TCI) & 0x3fff;
skb_hnat_reason(skb) = HIT_BIND_FORCE_TO_CPU;
- do_hnat_ge_to_ext(skb, __func__);
+ if (do_hnat_ge_to_ext(skb, __func__) == -1)
+ return 1;
return 0;
}
diff --git a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/nf_hnat_mtk.h b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/nf_hnat_mtk.h
index 23a95fd..2a3c7f8 100644
--- a/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/nf_hnat_mtk.h
+++ b/target/linux/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/nf_hnat_mtk.h
@@ -159,6 +159,10 @@
#define HIT_BIND_PACKET_SAMPLING 0x1B
#define HIT_BIND_EXCEED_MTU 0x1C
+#define TPORT_ID(x) ((x) & GENMASK(3, 0))
+#define TOPS_ENTRY(x) ((x) & GENMASK(5, 0))
+#define CDRT_ID(x) ((x) & GENMASK(7, 0))
+
u32 hnat_tx(struct sk_buff *skb);
u32 hnat_set_skb_info(struct sk_buff *skb, u32 *rxd);
u32 hnat_reg(struct net_device *, void __iomem *);