rootless-containers / slirp4netns

User-mode networking for unprivileged network namespaces
GNU General Public License v2.0

`make lint` fails with C11 errors #216

Closed AkihiroSuda closed 3 years ago

AkihiroSuda commented 4 years ago
$ make lint
clang-tidy -warnings-as-errors='*' main.c slirp4netns.c api.c sandbox.c seccompfilter.c -- -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include  -I/usr/local/include/slirp -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include   
12 warnings generated.
13 warnings generated.
18 warnings generated.
19 warnings generated.
19 warnings generated.
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:22:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&addr, 0, sizeof(addr));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:22:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:29:5: error: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    strncpy(addr.sun_path, api_socket, sizeof(addr.sun_path) - 1);
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:29:5: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:159:10: error: Although the value stored to 'slirprc' is used in the enclosing expression, the value is never actually read from 'slirprc' [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
    if ((slirprc = slirp_add_hostfwd(slirp, fwd->is_udp, fwd->host_addr,
         ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:159:10: note: Although the value stored to 'slirprc' is used in the enclosing expression, the value is never actually read from 'slirprc'
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:171:9: error: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    if (snprintf(idbuf, sizeof(idbuf), "{\"return\":{\"id\":%d}}", fwd->id) >
        ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:171:9: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:330:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&addr, 0, sizeof(addr));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/api.c:330:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:87:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&ifr, 0, sizeof(ifr));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:87:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:89:5: error: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    strncpy(ifr.ifr_name, tapname, sizeof(ifr.ifr_name) - 1);
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:89:5: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:106:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&msg, 0, sizeof(msg));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:106:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:117:5: error: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:117:5: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:147:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&ifr, 0, sizeof(ifr));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:147:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:149:5: error: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    strncpy(ifr.ifr_name, tapname, sizeof(ifr.ifr_name) - 1);
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:149:5: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:177:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&route, 0, sizeof(route));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:177:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:232:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&msg, 0, sizeof(msg));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:232:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:252:5: error: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:252:5: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:399:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(options, 0, sizeof(*options));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:399:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:651:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(buf, 0, buf_len);
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:651:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:652:5: error: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    strncpy(buf, &orig[match.rm_so], len);
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/main.c:652:5: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/sandbox.c:185:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&data, 0, sizeof(data));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/sandbox.c:185:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/slirp4netns.c:255:5: error: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-warnings-as-errors]
    memset(&cfg, 0, sizeof(cfg));
    ^
/home/suda/gopath/src/github.com/rootless-containers/slirp4netns/slirp4netns.c:255:5: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
19 warnings treated as errors
make: *** [Makefile:1432: lint] Error 19

commit: 8bf83389b8250444ad060044fd1910cf2d3224aa
clang-tidy 10.0
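The log shows `clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling` firing on calls that already pass `sizeof`, and the `_s` replacements it suggests belong to C11's optional Annex K, which glibc does not implement. The following is an added example, not code from slirp4netns: it shows the two flagged patterns (the `sun_path` copy and the `snprintf` reply) written in standard C so that overlong input is rejected rather than silently truncated. The helper names `fill_unix_addr` and `format_id_reply` and the sample path are assumptions.

```c
/* Added example: helper names are hypothetical, not slirp4netns code. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Fill a sockaddr_un for `path`. Returns 0 on success, -1 if the path is
 * empty or does not fit, so a truncated path is never used silently. */
int fill_unix_addr(struct sockaddr_un *addr, const char *path)
{
    size_t len;

    if (addr == NULL || path == NULL)
        return -1;
    len = strlen(path);
    if (len == 0 || len >= sizeof(addr->sun_path))
        return -1;
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path, path, len + 1); /* len + 1 fits: checked above */
    return 0;
}

/* Write {"return":{"id":N}} into buf. Returns the length written, or -1 on
 * an encoding error or if the output would not fit. */
int format_id_reply(char *buf, size_t buflen, int id)
{
    int n;

    if (buf == NULL || buflen == 0)
        return -1;
    n = snprintf(buf, buflen, "{\"return\":{\"id\":%d}}", id);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0'; /* never hand back a partial reply */
        return -1;
    }
    return n;
}

int main(void)
{
    struct sockaddr_un addr;
    char reply[32];

    /* Constructed sample path. */
    printf("addr: %d\n", fill_unix_addr(&addr, "/tmp/example-api.sock"));
    printf("reply: %d %s\n", format_id_reply(reply, sizeof(reply), 7), reply);
    return 0;
}
```

These helpers still call `memset`, `memcpy` and `snprintf`, so the same check would report them under `-warnings-as-errors='*'`; the bounds handling is what changes, not the lint result.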