From 4fcb075720ed3beea4ceee3f679305caacd0f51b Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 4 Dec 2023 11:22:38 +0100
Subject: [PATCH] socket: workaround coverity warning about time_t handling
Coverity really wants to warn if a time_t is cast to 32 bits.
We use time() here to get (some very bad) randomness. The loss
of the upper bits is the least of the problems.
Work around the coverity warning by also using the higher bits.
Error: Y2K38_SAFETY (CWE-197): [#def12]
libnl-3.8.0/lib/socket.c:76: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "uint32_t".
# 74|
# 75| if (idx_state == 0) {
# 76|-> uint32_t t = (uint32_t) time(NULL);
# 77|
# 78| /* from time to time (on average each 2^15 calls), the idx_state will
Error: Y2K38_SAFETY (CWE-197): [#def13]
libnl-3.8.0/lib/socket.c:193: store_truncates_time_t: A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "unsigned int".
# 191| sk->s_local.nl_family = AF_NETLINK;
# 192| sk->s_peer.nl_family = AF_NETLINK;
# 193|-> sk->s_seq_next = (unsigned int) time(NULL);
# 194| sk->s_seq_expect = sk->s_seq_next;
# 195|
Conflict:patch for explicitly cast time() to uint32_t at 57e0170 is not incorporated
Reference:https://github.com/thom311/libnl/commit/4fcb075720ed3beea4ceee3f679305caacd0f51b
---
lib/socket.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/lib/socket.c b/lib/socket.c
index 99cd36d..778230b 100644
--- a/lib/socket.c
+++ b/lib/socket.c
@@ -54,6 +54,24 @@ static void __init init_default_cb(void)
}
}
+static uint32_t _badrandom_from_time(void)
+{
+ uint32_t result;
+ uint64_t v64;
+ time_t t;
+
+ t = time(NULL);
+ v64 = (uint64_t)t;
+ result = (uint32_t)v64;
+
+ /* XOR with the upper bits. Otherwise, coverity warns about only
+ * considering 32 bit from time_t. Use the inverse, so that for the
+ * most part the bits don't change. */
+ result ^= (~(v64 >> 32));
+
+ return result;
+}
+
static uint32_t used_ports_map[32];
static NL_RW_LOCK(port_map_lock);
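Review bot: The comment above `+ result ^= (~(v64 >> 32));` says that "for the most part the bits don't change", but while the upper 32 bits of time_t are zero (until 2106) the mask `~(v64 >> 32)` is all ones, so every bit of the low word is flipped and the function returns the complement of the truncated time, not the time itself. The value is no less predictable than the bare `time(NULL)` it replaces — the fold only satisfies the Y2K38 checker and adds no entropy — and the callers in the second and third hunk (`generate_local_port`, `__alloc_socket`) still receive an identical seed for every call within the same second, as the commit message acknowledges. I would reword the comment to `/* Fold in the (inverted) upper 32 bits so that the whole time_t is consumed and coverity stops warning. While the upper word is zero this is simply ~t; it adds no entropy. */` so the next reader does not take it as a mixing step. Note also that a file-scope identifier starting with an underscore is reserved by C11 §7.1.3, though the file already follows that convention (`__init`, `__alloc_socket`), so this is a project-style remark rather than a request to rename.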
@@ -67,7 +85,7 @@ static uint32_t generate_local_port(void)
nl_write_lock(&port_map_lock);
if (idx_state == 0) {
- uint32_t t = time(NULL);
+ uint32_t t = _badrandom_from_time();
/* from time to time (on average each 2^15 calls), the idx_state will
* be zero again. No problem, just "seed" anew with time(). */
@@ -184,7 +202,8 @@ static struct nl_sock *__alloc_socket(struct nl_cb *cb)
sk->s_cb = nl_cb_get(cb);
sk->s_local.nl_family = AF_NETLINK;
sk->s_peer.nl_family = AF_NETLINK;
- sk->s_seq_expect = sk->s_seq_next = time(NULL);
+ sk->s_seq_next = _badrandom_from_time();
+ sk->s_seq_expect = sk->s_seq_next;
/* the port is 0 (unspecified), meaning NL_OWN_PORT */
sk->s_flags = NL_OWN_PORT;
--
2.33.0