Reported by Coverity (CWE-119):
Negative value used as argument to a function expecting a
positive value (for example, size of buffer or allocation)
and harmless, because getsockopt() would return -EBADF if the
socket is -1, so we wouldn't print anything.
Check if accept4() returns a valid socket before calling getsockopt()
on it.
Signed-off-by: Stefano Brivio
---
tap.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tap.c b/tap.c
index 3231da7..4d7422f 100644
--- a/tap.c
+++ b/tap.c
@@ -872,11 +872,13 @@ static void tap_sock_unix_new(struct ctx *c)
int discard = accept4(c->fd_tap_listen, NULL, NULL,
SOCK_NONBLOCK);
+ if (discard == -1)
+ return;
+
if (!getsockopt(discard, SOL_SOCKET, SO_PEERCRED, &ucred, &len))
info("discarding connection from PID %i", ucred.pid);
- if (discard != -1)
- close(discard);
+ close(discard);
return;
}
--
2.35.1