Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses a broad set of Coverity findings across the wolfIP core, POSIX port layer, and test utilities, focusing on removing dead/unreachable code and hardening error handling and bounds checks.
Changes:
- Harden wolfIP core logic with additional bounds checks, integer masking, and defensive guards.
- Improve POSIX wrapper correctness (thread-safety locking, fd allocation error handling, env var validation).
- Fix test utilities for resource cleanup, unchecked return values, and weak RNG usage.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| src/wolfip.c | Adds safety guards (modulo-by-zero, bounds checks), checksum masking, and small logic cleanups. |
| src/port/posix/bsd_socket.c | Adds fcntl error checking, mutex protection for socket/init paths, env IP validation, and dead-code cleanup. |
| src/port/posix/tap_linux.c | Ensures ifname null-termination and closes sock_fd on successful init. |
| src/test/test_wolfssl_forwarding.c | Adds NULL check around wolfIP_getdev() usage. |
| src/test/test_ttl_expired.c | Switches RNG to getrandom() with fallback; checksum masking. |
| src/test/test_native_wolfssl.c | Explicitly ignores setsockopt return value. |
| src/test/test_eventloop.c | Ensures fd cleanup on error/exit paths; ignores setsockopt return value. |
| src/test/test_dhcp_dns.c | Ensures fd cleanup on error/exit paths; ignores setsockopt return value. |
| src/test/tcp_netcat_select.c | Checks send() return value; removes unreachable cleanup. |
| src/test/tcp_netcat_poll.c | Checks send() return value; removes unreachable cleanup. |
| src/test/tcp_echo.c | Fixes socket() failure check; removes unreachable cleanup. |
| src/test/esp/test_esp.c | Ensures fd cleanup on error/exit paths; ignores setsockopt return value. |
| src/test/esp/esp_server.c | Fixes socket() failure check. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…oid potential deadlock - inet_aton: Validate host_stack_ip_str before calling inet_aton() - test_ttl_expired.c: Added #ifdef __linux__ guard around <sys/random.h> / getrandom() for macOS/FreeBSD portability - tcp_netcat_poll.c / tcp_netcat_select.c: Replaced simple send() with retry loop to handle short writes
…sing t->S->last_tick when t->S was NULL (due to a race where close_socket zeroes continue; in tcp_input. FreeBSD interop — That failure showed ssh segfaulting (exit code 139), which appears to be a CI VM infrastructure issue, not caused by our code. FreeBSD uses tap_freebsd.c, not tap_linux.c, and the SSH process itself crashed. This is likely not fixable on our side.
danielinux
requested changes
Mar 5, 2026
Member
danielinux
left a comment
danielinux
left a comment
There was a problem hiding this comment.
nit: remove comment on default rwnd, that's config-specific, while the code covers all cases.
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Dead Code (10 fixes)
wolfip_calc_msghdr_lensend(),write(), andsendto()nonblock EAGAIN pathswolfIP_sock_recvmsgif (!saw_end)before unconditionalreturn -1indhcp_parse_ackwhile(1)loopsNull Pointer Dereference (3 fixes)
fifo_peek()in UDPrecvfrompathwolfIP_getdev()return value ininit_wolfip_posixwolfIP_getdev(server_stack)Uninitialized Variable (1 fix)
calloc()instead ofmalloc()forheap_bufinwolfIP_sock_recvmsgInteger Issues (3 fixes)
(~sum & 0xFFFF)inicmp_checksum(~acc & 0xFFFF)inones_csumif (f->size > 0)infifo_align_tailBuffer Overrun (2 fixes)
(pos + 4 > dns_len)before reading IP bytes indns_callbackmemcpyinwolfIP_sock_sendtoResource Leak (3 fixes)
sock_fdat end of successfultap_initpathpt_echoserverexit pathsUnchecked Return Values (4 fixes)
fcntlreturn values inwolfip_fd_alloc; close pipes on failuresend()return valuesetsockoptto(void)Thread Safety (4 fixes)
entryafter unlock/relock inwolfip_accept_commoninternal_fdafter unlock/relock insendto()socket()init_wolfip_posixWeak Crypto (1 fix)
rand()withgetrandom()(test-only code)Negative Returns (2 fixes)
socket() == 0tosocket() < 0Tainted Data (1 fix)
atoip4()Buffer Not Null Terminated (1 fix)
ifr.ifr_nameafterstrncpyNone of these are CVE worthy fixes imo. The most security-relevant items (DNS/ICMP bounds, divide-by-zero, weak RNG) are bounded by internal protocol constraints or only affect test code. All fixes are defense-in-depth hardening.