dns: Fix bug in error handling when talking to script

flichtenheld · cron2 · commit bd27319f2afa · 2025-09-24T14:28:08.000+02:00
Comparing the result of read/write to a size_t value is dangerous C. Since ssize_t and size_t have the same size ssize_t is promoted to size_t, so -1 becomes size_t max value and is not smaller than the expected length. Make sure to compare ssize_t to ssize_t to avoid any suprises. Change-Id: Ic395b6d1dce510bb4b499c5beba61f033a2a860b Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Heiko Hund <heiko@openvpn.net> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1208 Message-Id: <20250924121901.13532-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59238099/ Signed-off-by: Gert Doering <gert@greenie.muc.de>
diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c
@@ -642,11 +642,10 @@ run_updown_runner(bool up, struct options *o, const struct tuntap *tt,
 
         while (1)
         {
-            ssize_t rlen, wlen;
             char path[PATH_MAX];
 
             /* Block here until parent sends a path */
-            rlen = read(dns_pipe_fd[0], &path, sizeof(path));
+            ssize_t rlen = read(dns_pipe_fd[0], &path, sizeof(path));
             if (rlen < 1)
             {
                 if (rlen == -1 && errno == EINTR)
@@ -665,8 +664,8 @@ run_updown_runner(bool up, struct options *o, const struct tuntap *tt,
             /* Unblock parent process */
             while (1)
             {
-                wlen = write(ack_pipe_fd[1], &res, sizeof(res));
-                if ((wlen == -1 && errno != EINTR) || wlen < sizeof(res))
+                ssize_t wlen = write(ack_pipe_fd[1], &res, sizeof(res));
+                if ((wlen == -1 && errno != EINTR) || wlen < (ssize_t)sizeof(res))
                 {
                     /* Not much we can do about errors but exit */
                     close(dns_pipe_fd[0]);
@@ -727,7 +726,7 @@ run_up_down_command(bool up, struct options *o, const struct tuntap *tt,
         env_set_write_file(dvf, es);
 
         int wfd = updown_runner->fds[1];
-        size_t dvf_size = strlen(dvf) + 1;
+        ssize_t dvf_size = strlen(dvf) + 1;
         while (1)
         {
             ssize_t len = write(wfd, dvf, dvf_size);
@@ -746,7 +745,7 @@ run_up_down_command(bool up, struct options *o, const struct tuntap *tt,
         while (1)
         {
             ssize_t len = read(rfd, &status, sizeof(status));
-            if (len < sizeof(status))
+            if (len < (ssize_t)sizeof(status))
             {
                 if (len == -1 && errno == EINTR)
                 {

Original file line number	Diff line number	Diff line change
`@@ -642,11 +642,10 @@ run_updown_runner(bool up, struct options o, const struct tuntap tt,`
`642`	`642`
`643`	`643`	`while (1)`
`644`	`644`	`{`
`645`		`- ssize_t rlen, wlen;`
`646`	`645`	`char path[PATH_MAX];`
`647`	`646`
`648`	`647`	`/* Block here until parent sends a path */`
`649`		`- rlen = read(dns_pipe_fd[0], &path, sizeof(path));`
	`648`	`+ ssize_t rlen = read(dns_pipe_fd[0], &path, sizeof(path));`
`650`	`649`	`if (rlen < 1)`
`651`	`650`	`{`
`652`	`651`	`if (rlen == -1 && errno == EINTR)`
`@@ -665,8 +664,8 @@ run_updown_runner(bool up, struct options o, const struct tuntap tt,`
`665`	`664`	`/* Unblock parent process */`
`666`	`665`	`while (1)`
`667`	`666`	`{`
`668`		`- wlen = write(ack_pipe_fd[1], &res, sizeof(res));`
`669`		`- if ((wlen == -1 && errno != EINTR) \|\| wlen < sizeof(res))`
	`667`	`+ ssize_t wlen = write(ack_pipe_fd[1], &res, sizeof(res));`
	`668`	`+ if ((wlen == -1 && errno != EINTR) \|\| wlen < (ssize_t)sizeof(res))`
`670`	`669`	`{`
`671`	`670`	`/* Not much we can do about errors but exit */`
`672`	`671`	`close(dns_pipe_fd[0]);`
`@@ -727,7 +726,7 @@ run_up_down_command(bool up, struct options o, const struct tuntap tt,`
`727`	`726`	`env_set_write_file(dvf, es);`
`728`	`727`
`729`	`728`	`int wfd = updown_runner->fds[1];`
`730`		`- size_t dvf_size = strlen(dvf) + 1;`
	`729`	`+ ssize_t dvf_size = strlen(dvf) + 1;`
`731`	`730`	`while (1)`
`732`	`731`	`{`
`733`	`732`	`ssize_t len = write(wfd, dvf, dvf_size);`
`@@ -746,7 +745,7 @@ run_up_down_command(bool up, struct options o, const struct tuntap tt,`
`746`	`745`	`while (1)`
`747`	`746`	`{`
`748`	`747`	`ssize_t len = read(rfd, &status, sizeof(status));`
`749`		`- if (len < sizeof(status))`
	`748`	`+ if (len < (ssize_t)sizeof(status))`
`750`	`749`	`{`
`751`	`750`	`if (len == -1 && errno == EINTR)`
`752`	`751`	`{`