On 9/20/24 4:12 AM, Ján Tomko wrote:
On a Thursday in 2024, Laine Stump wrote:
[...]
+ startHost = ntohl(startv4.val);
+ endHost = ntohl(endv4.val);
+
+ if (endHost - startHost > 65535) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("range %1$s - %2$s is too large (>
65535)"),
+ startStr, endStr);
+ return -1;
}
- ret = (t2.bytes[2] - t1.bytes[2]) * 256 + (t2.bytes[3] -
t1.bytes[3]);
- if (ret < 0) {
+
+ if (endHost < startHost) {
This check needs to happen before you subtract two unsigned integers,
otherwise the substraction above overflows and this is essentially dead
code.
Before this patch:
$ VIR_TEST_RANGE=48 VIR_TEST_DEBUG=1 ./run tests/sockettest
TEST: sockettest
48) Test range 192.168.122.20 -> 192.168.122.1(192.168.122.1/24) size
-1 ... libvirt: error : internal error: range 192.168.122.20 -
192.168.122.1 is reversed
OK
After:
$ VIR_TEST_RANGE=48 VIR_TEST_DEBUG=1 ./run tests/sockettest
TEST: sockettest
48) Test range 192.168.122.20 -> 192.168.122.1(192.168.122.1/24) size
-1 ... libvirt: error : internal error: range 192.168.122.20 -
192.168.122.1 is too large (> 65535)
OK
Ooh! Nice catch! I hadn't noticed because I was putting too much faith
in the unit tests, and they had "successfully failed as expected" both
before and after and I didn't look at the specific failure to notice
that it was failing in a different way. I fixed it before pushing.
Thanks for the reviews!
