mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 23:27:04 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: Potential overflow expression in qc_parse_frm()

Browse Source 
This should fix Coverity CID 375056 where an unsigned char was used
to store a 32bit mask.
This commit is contained in:
Frédéric Lécaille 2022-02-02 14:37:37 +01:00 committed by Amaury Denoyelle
parent 439c464250
commit ce2ecc9643
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/quic_frame.c
View File

@ -1000,8 +1000,8 @@ static int quic_parse_handshake_done_frame(struct quic_frame *frm, struct quic_c
struct quic_frame_builder { struct quic_frame_builder {
int (*func)(unsigned char **buf, const unsigned char *end, int (*func)(unsigned char **buf, const unsigned char *end,
struct quic_frame *frm, struct quic_conn *conn); struct quic_frame *frm, struct quic_conn *conn);
uint32_t mask;
unsigned char flags; unsigned char flags;
unsigned char mask;
}; };
const struct quic_frame_builder quic_frame_builders[] = { const struct quic_frame_builder quic_frame_builders[] = {
@ -1041,8 +1041,8 @@ const struct quic_frame_builder quic_frame_builders[] = {
struct quic_frame_parser { struct quic_frame_parser {
int (*func)(struct quic_frame *frm, struct quic_conn *qc, int (*func)(struct quic_frame *frm, struct quic_conn *qc,
const unsigned char **buf, const unsigned char *end); const unsigned char **buf, const unsigned char *end);
uint32_t mask;
unsigned char flags; unsigned char flags;
unsigned char mask;
}; };
const struct quic_frame_parser quic_frame_parsers[] = { const struct quic_frame_parser quic_frame_parsers[] = {
@ -1100,7 +1100,7 @@ int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
} }
parser = &quic_frame_parsers[frm->type]; parser = &quic_frame_parsers[frm->type];
if (!(parser->mask & (1 << pkt->type))) { if (!(parser->mask & (1U << pkt->type))) {
TRACE_DEVEL("unauthorized frame", QUIC_EV_CONN_PRSFRM, qc, frm); TRACE_DEVEL("unauthorized frame", QUIC_EV_CONN_PRSFRM, qc, frm);
return 0; return 0;
} }
@ -1126,10 +1126,10 @@ int qc_build_frm(unsigned char **buf, const unsigned char *end,
const struct quic_frame_builder *builder; const struct quic_frame_builder *builder;
builder = &quic_frame_builders[frm->type]; builder = &quic_frame_builders[frm->type];
if (!(builder->mask & (1 << pkt->type))) { if (!(builder->mask & (1U << pkt->type))) {
/* XXX This it a bug to send an unauthorized frame with such a packet type XXX */ /* XXX This it a bug to send an unauthorized frame with such a packet type XXX */
TRACE_DEVEL("frame skipped", QUIC_EV_CONN_BFRM, qc, frm); TRACE_DEVEL("frame skipped", QUIC_EV_CONN_BFRM, qc, frm);
BUG_ON(!(builder->mask & (1 << pkt->type))); BUG_ON(!(builder->mask & (1U << pkt->type)));
} }
if (end <= *buf) { if (end <= *buf) {