From: Kevin Day
Date: Thu, 26 Jan 2023 01:23:53 +0000 (-0600)
Subject: Update: Add additional sanity checks.
X-Git-Tag: 0.6.4~79
X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=d46df15fdf4335c9f4310afe4e3ef9cb6dd90267;p=fll
Update: Add additional sanity checks.
The GCC -fanalyzer is reporting a problem that as far as I can tell is a false positive. This program is older code practices and will eventually be rewritten anyway. Add a few more safety checks.
---
diff --git a/level_3/firewall/c/private-firewall.c b/level_3/firewall/c/private-firewall.c
index e9450ce..57152c0 100644
--- a/level_3/firewall/c/private-firewall.c
+++ b/level_3/firewall/c/private-firewall.c
@@ -8,6 +8,8 @@ extern "C" {
 f_status_t firewall_perform_commands(firewall_data_t * const data, firewall_local_data_t * const local) {
+ if (!data || !local || local->device >= data->devices.used) return F_status_set_error(F_parameter);
+
 f_status_t status = F_none;
 bool invalid = F_false;
@@ -158,7 +160,7 @@ f_status_t firewall_perform_commands(firewall_data_t * const data, firewall_loca
 continue;
 }
 else if (fl_string_dynamic_compare_string(local->buffer.string + local->rule_contents.array[i].array[0].start, firewall_device_this_s, length) == F_equal_to) {
- if (data->devices.array[local->device].used > 0) {
+ if (data->devices.array[local->device].used) {
 if (data->devices.array[local->device].used > device.size) {
 status = f_string_dynamic_resize(data->devices.array[local->device].used, &device);
 if (F_status_is_error(status)) break;
@@ -776,6 +778,8 @@ f_status_t firewall_perform_commands(firewall_data_t * const data, firewall_loca
 f_status_t firewall_create_custom_chains(firewall_data_t * const data, firewall_reserved_chains_t * const reserved, firewall_local_data_t * const local) {
+ if (!data || !local) return F_status_set_error(F_parameter);
+
 f_status_t status = F_none;
 uint8_t tool = firewall_program_iptables_e;
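Review bot: The bounds test `local->device >= data->devices.used` in the new guard of firewall_perform_commands() runs at function entry, while the only indexed access visible on this page is inside the `firewall_device_this_s` branch near line 160; the rest of the body lies outside the hunks. If the function is also called for rules that are not tied to a device, or with an empty device list (not visible here), those calls now return F_parameter before any rule is applied, and the host keeps whatever packet filter state it had before. If that branch is the only access, consider keeping just the NULL checks at entry and bounding the index where it is used, `if (local->device < data->devices.used && data->devices.array[local->device].used) {`. Otherwise a comment on the guard should state that a valid device index is a precondition for every caller.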
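Review bot: `reserved` is the one pointer parameter that the new guard in firewall_create_custom_chains() leaves unchecked, although it is declared as `firewall_reserved_chains_t * const reserved` alongside `data` and `local`. The body continues outside this hunk, so whether it is dereferenced cannot be seen here; if it is, a NULL `reserved` still passes the check and faults later. Either extend the guard to `if (!data || !reserved || !local) return F_status_set_error(F_parameter);` or add a comment saying NULL is an accepted value for `reserved`.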
@@ -966,6 +970,8 @@ f_status_t firewall_create_custom_chains(firewall_data_t * const data, firewall_
 f_status_t firewall_delete_chains(firewall_data_t * const data) {
+ if (!data) return F_status_set_error(F_parameter);
+
 const f_string_static_t tools[2] = { firewall_tool_iptables_s, firewall_tool_ip6tables_s };
 f_status_t status = F_none;
@@ -1058,6 +1064,8 @@ f_status_t firewall_delete_chains(firewall_data_t * const data) {
 f_status_t firewall_default_lock(firewall_data_t * const data) {
+ if (!data) return F_status_set_error(F_parameter);
+
 const f_string_static_t chains[3] = { firewall_chain_input_s, firewall_chain_output_s, firewall_chain_forward_s };
 const f_string_static_t tools[2] = { firewall_tool_iptables_s, firewall_tool_ip6tables_s };
@@ -1121,6 +1129,8 @@ f_status_t firewall_default_lock(firewall_data_t * const data) {
 f_status_t firewall_buffer_rules(firewall_data_t * const data, const f_string_static_t filename, const bool optional, firewall_local_data_t * const local) {
+ if (!data || !local) return F_status_set_error(F_parameter);
+
 f_file_t file = f_file_t_initialize;
 f_status_t status = f_file_open(filename, 0, &file);
@@ -1232,6 +1242,8 @@ f_status_t firewall_buffer_rules(firewall_data_t * const data, const f_string_st
 f_status_t firewall_process_rules(firewall_data_t * const data, f_string_range_t * const range, firewall_local_data_t * const local) {
+ if (!data || !range || !local) return F_status_set_error(F_parameter);
+
 f_status_t status = F_none;
 f_fss_delimits_t delimits = f_fss_delimits_t_initialize;
 f_state_t state = f_state_t_initialize;
@@ -1272,6 +1284,8 @@ f_status_t firewall_process_rules(firewall_data_t * const data, f_string_range_t
 f_status_t firewall_delete_local_data(firewall_local_data_t * const local) {
+ if (!local) return F_status_set_error(F_parameter);
+
 local->is_global = F_true;
 local->is_main = F_false;
 local->is_stop = F_false;
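Review bot: The new F_parameter return is missing from the documentation of most functions patched here: this commit adds the guard to seven functions in private-firewall.c, but its private-firewall.h part adds the matching line to only three doc blocks. Judging by the header's hunk headers, the first two belong to firewall_perform_commands() and firewall_create_custom_chains(), so at most one of the five functions in these hunks (firewall_delete_chains, firewall_default_lock, firewall_buffer_rules, firewall_process_rules, firewall_delete_local_data) is covered. Unless further header hunks exist outside this page, the others now return a status that callers cannot learn from the header. Add ` * F_parameter (with error bit) on invalid parameter passed.` to each remaining doc block.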
diff --git a/level_3/firewall/c/private-firewall.h b/level_3/firewall/c/private-firewall.h
index 76fb5b2..4979de0 100644
--- a/level_3/firewall/c/private-firewall.h
+++ b/level_3/firewall/c/private-firewall.h
@@ -25,6 +25,7 @@ extern "C" {
 * F_child on child process exiting.
 *
 * F_interrupt (with error bit) on receiving a process signal, such as an interrupt signal.
+ * F_parameter (with error bit) on invalid parameter passed.
 *
 * Errors (with error bit) from: f_string_dynamic_append().
 * Errors (with error bit) from: f_string_dynamic_partial_append().
@@ -53,6 +54,7 @@ extern f_status_t firewall_perform_commands(firewall_data_t * const data, firewa
 * F_child on child process exiting.
 *
 * F_interrupt (with error bit) on receiving a process signal, such as an interrupt signal.
+ * F_parameter (with error bit) on invalid parameter passed.
 *
 * Status codes (with error bit) are returned on any problem.
 */
@@ -69,6 +71,7 @@ extern f_status_t firewall_create_custom_chains(firewall_data_t * const data, fi
 * F_child on child process exiting.
 *
 * F_interrupt (with error bit) on receiving a process signal, such as an interrupt signal.
+ * F_parameter (with error bit) on invalid parameter passed.
 *
 * Status codes (with error bit) are returned on any problem.
 */