Skip to content

Net coverity fixes #4818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 14, 2017
Merged

Net coverity fixes #4818

merged 3 commits into from
Nov 14, 2017

Conversation

@jukkar
Copy link
Member

@jukkar jukkar commented Nov 8, 2017

No description provided.

@jukkar jukkar requested a review from tbursztyka November 8, 2017 20:18
lpereira
lpereira suggested changes Nov 8, 2017
View reviewed changes
subsys/net/lib/http/http_app_server.c Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This only works because %3d has the same number of characters as, say 200 or 404. It might be a good idea to use XXX or something else here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was done on purpose like this so that %3d is three letters wide. This way the same string can be used here and in snprintk(). Note that we only print the code if it is 100-999.

subsys/net/lib/http/http_app_server.c Outdated
Copy link
Member

@lpereira lpereira Nov 8, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't you also need to send a text after the numerical code? Like 200 OK or 404 Not Found? Most clients will ignore this, but not sending it isn't compliant. See RFC2616, section 6.1.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no string to print atm as only 400 code is having a error string defined.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you think we need the error string too, then we need to fix the API (which is ok in this case as it was merged just one week ago).

@jukkar
samples: net: http: Do not overrun url array
baba273 
It is possible to access past end of url buffer by one byte.

Coverity-CID: 178790
Fixes zephyrproject-rtos#4784

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
samples: net: http: Possible null memory access in client & server
825d80e 
We might access null pointer in debug print.

Coverity-CID: 178789
Fixes zephyrproject-rtos#4785

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
net: context: Check if TCP header is found
9199024 
If the packet is too short, the TCP header pointer might be
NULL. In this case we just need to bail out.

Coverity-CID: 178787
Fixes zephyrproject-rtos#4787

Signed-off-by: Jukka Rissanen <[email protected]>
@jukkar
Copy link
Member Author

jukkar commented Nov 10, 2017

I will send the HTTP error patch separately so that it will not block these fixes.

@jukkar jukkar mentioned this pull request Nov 10, 2017
Merged
@jukkar
Copy link
Member Author

jukkar commented Nov 13, 2017

@lpereira could you check the PR and approve if ok?

@galak galak added this to the v1.10.0 milestone Nov 14, 2017
@jukkar jukkar merged commit 9663287 into zephyrproject-rtos:master Nov 14, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tbursztyka tbursztyka Awaiting requested review from tbursztyka

1 more reviewer

@lpereira lpereira lpereira approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area: Networking

Projects

None yet

Milestone

v1.10.0

Development

Successfully merging this pull request may close these issues.

3 participants

@jukkar @lpereira @galak