From af09d2cdab4c994c79d528122d79c9aa466c6d46 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sun, 12 Jan 2020 18:23:19 -0800
Subject: [PATCH 1/3] RDMA/CM: Suppress a Coverity complaint

Suppress the following Coverity complaint:

CID 1490695 (#1 of 1): Out-of-bounds access (OVERRUN)
9. overrun-buffer-arg: Overrunning struct type sockaddr of 16 bytes by passing it to a function which accesses it at byte offset 27 using argument dst_len (which evaluates to 28).

This patch does not change any functionality.

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
---
 librdmacm/cma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/librdmacm/cma.c b/librdmacm/cma.c
index ff298fb2e..e742151a4 100644
--- a/librdmacm/cma.c
+++ b/librdmacm/cma.c
@@ -997,7 +997,7 @@ int rdma_resolve_addr(struct rdma_cm_id *id, struct sockaddr *src_addr,
 	if (ret != sizeof cmd)
 		return (ret >= 0) ? ERR(ENODATA) : -1;
 
-	memcpy(&id->route.addr.dst_addr, dst_addr, dst_len);
+	memcpy(&id->route.addr.dst_storage, dst_addr, dst_len);
 	return ucma_complete(id);
 }
 

From 32b94869c8ff1fd9d3bab04b310987835c2ce6f0 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sun, 12 Jan 2020 18:40:56 -0800
Subject: [PATCH 2/3] iwpmd: Make copy_iwpm_sockaddr() only copy as many bytes
 as necessary

Instead of always copying 16 bytes, copy 4 bytes for IPv4 and 16 for IPv6.
This patch fixes the following Coverity complaint:

CID 1490693 (#1 of 1): Out-of-bounds access (OVERRUN)
8. overrun-buffer-arg: Overrunning buffer pointed to by dst of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument 16UL.

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
---
 iwpmd/iwarp_pm_common.c | 53 +++++++++++++++++++++++------------------
 1 file changed, 30 insertions(+), 23 deletions(-)

diff --git a/iwpmd/iwarp_pm_common.c b/iwpmd/iwarp_pm_common.c
index 5c877db7e..8160180ae 100644
--- a/iwpmd/iwarp_pm_common.c
+++ b/iwpmd/iwarp_pm_common.c
@@ -529,41 +529,48 @@ void copy_iwpm_sockaddr(__u16 addr_family, struct sockaddr_storage *src_sockaddr
 		      struct sockaddr_storage *dst_sockaddr,
 		      char *src_addr, char *dst_addr, __be16 *src_port)
 {
-	char *src = NULL, *dst = NULL;
-
-	if (src_addr)
-		src = src_addr;
-	if (dst_addr)
-		dst = dst_addr;
-
 	switch (addr_family) {
-	case AF_INET:
+	case AF_INET: {
+		const struct in_addr *src = (void *)src_addr;
+		struct in_addr *dst = (void *)dst_addr;
+		const struct sockaddr_in *src_sockaddr_in;
+		struct sockaddr_in *dst_sockaddr_in;
+
 		if (src_sockaddr) {
-			src = (char *)&((struct sockaddr_in *)src_sockaddr)->sin_addr.s_addr;
-			*src_port = ((struct sockaddr_in *)src_sockaddr)->sin_port;
+			src_sockaddr_in = (const void *)src_sockaddr;
+			src = &src_sockaddr_in->sin_addr;
+			*src_port = src_sockaddr_in->sin_port;
 		}
 		if (dst_sockaddr) {
-			dst = (char *)&(((struct sockaddr_in *)dst_sockaddr)->sin_addr.s_addr);
-			((struct sockaddr_in *)dst_sockaddr)->sin_port = *src_port;
-			((struct sockaddr_in *)dst_sockaddr)->sin_family = AF_INET;
+			dst_sockaddr_in = (void *)dst_sockaddr;
+			dst = &dst_sockaddr_in->sin_addr;
+			dst_sockaddr_in->sin_port = *src_port;
+			dst_sockaddr_in->sin_family = AF_INET;
 		}
+		*dst = *src;
 		break;
-	case AF_INET6:
+	}
+	case AF_INET6: {
+		const struct in6_addr *src = (void *)src_addr;
+		struct in6_addr *dst = (void *)dst_addr;
+		const struct sockaddr_in6 *src_sockaddr_in6;
+		struct sockaddr_in6 *dst_sockaddr_in6;
+
 		if (src_sockaddr) {
-			src = (char *)&((struct sockaddr_in6 *)src_sockaddr)->sin6_addr.s6_addr;
-			*src_port = ((struct sockaddr_in6 *)src_sockaddr)->sin6_port;
+			src_sockaddr_in6 = (const void *)src_sockaddr;
+			src = &src_sockaddr_in6->sin6_addr;
+			*src_port = src_sockaddr_in6->sin6_port;
 		}
 		if (dst_sockaddr) {
-			dst = (char *)&(((struct sockaddr_in6 *)dst_sockaddr)->sin6_addr.s6_addr);
-			((struct sockaddr_in6 *)dst_sockaddr)->sin6_port = *src_port;
-			((struct sockaddr_in6 *)dst_sockaddr)->sin6_family = AF_INET6;
+			dst_sockaddr_in6 = (void *)dst_sockaddr;
+			dst = &dst_sockaddr_in6->sin6_addr;
+			dst_sockaddr_in6->sin6_port = *src_port;
+			dst_sockaddr_in6->sin6_family = AF_INET6;
 		}
+		*dst = *src;
 		break;
-	default:
-		return;
 	}
-
-	memcpy(dst, src, IWPM_IPADDR_SIZE);
+	}
 }
 
 /**

From d04d4660d114bf5517eaa23217af01263a271688 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Sun, 12 Jan 2020 19:36:37 -0800
Subject: [PATCH 3/3] ibacm: Fix a memory leak in an acm_open_dev() error path

This patch fixes the following Coverity complaint:

CID 1490689 (#1 of 1): Resource leak (RESOURCE_LEAK)
15. leaked_storage: Variable dev going out of scope leaks the storage it points to.

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
---
 ibacm/src/acm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ibacm/src/acm.c b/ibacm/src/acm.c
index ad313075c..04b84e348 100644
--- a/ibacm/src/acm.c
+++ b/ibacm/src/acm.c
@@ -2654,6 +2654,8 @@ static void acm_open_dev(struct ibv_device *ibdev)
 		return;
 	}
 
+	free(dev);
+
 err1:
 	ibv_close_device(verbs);
 }