lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 09 Nov 2020 20:33:53 -0800
From:   John Fastabend <john.fastabend@...il.com>
To:     Wang Hai <wanghai38@...wei.com>, quentin@...valent.com,
        mrostecki@...nsuse.org, john.fastabend@...il.com
Cc:     ast@...nel.org, daniel@...earbox.net, kafai@...com,
        songliubraving@...com, yhs@...com, andrii@...nel.org,
        kpsingh@...omium.org, toke@...hat.com, danieltimlee@...il.com,
        bpf@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: RE: [PATCH v2 bpf] tools: bpftool: Add missing close before bpftool
 net attach exit

Wang Hai wrote:
> progfd is created by prog_parse_fd(), before 'bpftool net attach' exit,
> it should be closed.
> 
> Fixes: 04949ccc273e ("tools: bpftool: add net attach command to attach XDP on interface")
> Signed-off-by: Wang Hai <wanghai38@...wei.com>
> ---
> v1->v2: use cleanup tag instead of repeated closes
>  tools/bpf/bpftool/net.c | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/tools/bpf/bpftool/net.c b/tools/bpf/bpftool/net.c
> index 910e7bac6e9e..1ac7228167e6 100644
> --- a/tools/bpf/bpftool/net.c
> +++ b/tools/bpf/bpftool/net.c
> @@ -578,8 +578,8 @@ static int do_attach(int argc, char **argv)
>  
>  	ifindex = net_parse_dev(&argc, &argv);
>  	if (ifindex < 1) {
> -		close(progfd);
> -		return -EINVAL;
> +		err = -EINVAL;
> +		goto cleanup;
>  	}
>  
>  	if (argc) {
> @@ -587,8 +587,8 @@ static int do_attach(int argc, char **argv)
>  			overwrite = true;
>  		} else {
>  			p_err("expected 'overwrite', got: '%s'?", *argv);
> -			close(progfd);
> -			return -EINVAL;
> +			err = -EINVAL;
> +			goto cleanup;
>  		}
>  	}
>  
> @@ -600,13 +600,15 @@ static int do_attach(int argc, char **argv)

I think now that return value depends on this err it should be 'if (err)'
otherwise we risk retunring non-zero error code from do_attach which
will cause programs to fail.

>  	if (err < 0) {
        ^^^^^^^^^^^^
        if (err) {

>  		p_err("interface %s attach failed: %s",
>  		      attach_type_strings[attach_type], strerror(-err));
> -		return err;
> +		goto cleanup;
>  	}
>  
>  	if (json_output)
>  		jsonw_null(json_wtr);
>  
> -	return 0;


Alternatively we could add an 'err = 0' here, but above should never
return a value >0 as far as I can see.

Thanks,
John

> +cleanup:
> +	close(progfd);
> +	return err;
>  }
>  
>  static int do_detach(int argc, char **argv)
> -- 
> 2.17.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ