From 5d3fce35c853af35b0c98f34fd5fdd46f5252ffe Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sat, 27 Jun 2026 07:25:59 +0200 Subject: [PATCH 1/2] confd: guard NULL band/ssid/class in WiFi config generation lydx_get_cattr() yields NULL for an absent leaf or a failed radio component lookup; that NULL was passed straight to strcmp() on several WiFi paths (wifi_chan_to_freq, the wifi_gen_mesh width branches, wifi_find_higher_band_twin, dep_radio_components), risking a crash. Guard each value before use. Fixes Coverity CID 561387, 561389, 561390, 561391, 561392. Signed-off-by: Joachim Wiberg --- src/confd/src/core.c | 2 +- src/confd/src/hardware.c | 6 +++--- src/confd/src/if-wifi.c | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/confd/src/core.c b/src/confd/src/core.c index ea6bd8a9d..a0569b688 100644 --- a/src/confd/src/core.c +++ b/src/confd/src/core.c @@ -439,7 +439,7 @@ static confd_dependency_t dep_radio_components(struct lyd_node **diff, struct ly class = lyd_get_value(class_node); } - if (strcmp(class, "infix-hardware:wifi")) + if (!class || strcmp(class, "infix-hardware:wifi")) continue; /* Find all interfaces that reference this radio */ diff --git a/src/confd/src/hardware.c b/src/confd/src/hardware.c index 06629d364..816396bdc 100644 --- a/src/confd/src/hardware.c +++ b/src/confd/src/hardware.c @@ -237,7 +237,7 @@ static const char *wifi_find_higher_band_twin(struct lyd_node *config, { struct lyd_node *cifs, *cif; - if (strcmp(current_band, "2.4GHz")) + if (!current_band || !current_ssid || strcmp(current_band, "2.4GHz")) return NULL; cifs = lydx_get_descendant(config, "interfaces", "interface", NULL); @@ -252,13 +252,13 @@ static const char *wifi_find_higher_band_twin(struct lyd_node *config, if (!ap) continue; ssid = lydx_get_cattr(ap, "ssid"); - if (strcmp(ssid, current_ssid)) + if (!ssid || strcmp(ssid, current_ssid)) continue; radio = lydx_get_cattr(wifi, "radio"); radio_node = lydx_get_xpathf(config, "/hardware/component[name='%s']/wifi-radio", radio); band = lydx_get_cattr(radio_node, "band"); - if (!strcmp(band, "5GHz") || !strcmp(band, "6GHz")) + if (band && (!strcmp(band, "5GHz") || !strcmp(band, "6GHz"))) return lydx_get_cattr(cif, "name"); } diff --git a/src/confd/src/if-wifi.c b/src/confd/src/if-wifi.c index 3c8bea5d2..21baf77c8 100644 --- a/src/confd/src/if-wifi.c +++ b/src/confd/src/if-wifi.c @@ -283,7 +283,7 @@ static int wifi_center_chan_160(int ch) */ static int wifi_chan_to_freq(int channel, const char *band) { - if (!strcmp(band, "6GHz")) + if (band && !strcmp(band, "6GHz")) return 5950 + channel * 5; if (channel >= 1 && channel <= 13) @@ -392,7 +392,7 @@ int wifi_gen_mesh(struct lyd_node *cif) int center = wifi_center_chan_80(channel); fprintf(wpa_supplicant, " ht40=1\n"); - if (!strcmp(band, "6GHz")) + if (band && !strcmp(band, "6GHz")) fprintf(wpa_supplicant, " he=1\n"); else fprintf(wpa_supplicant, " vht=1\n"); @@ -403,7 +403,7 @@ int wifi_gen_mesh(struct lyd_node *cif) int center = wifi_center_chan_160(channel); fprintf(wpa_supplicant, " ht40=1\n"); - if (!strcmp(band, "6GHz")) + if (band && !strcmp(band, "6GHz")) fprintf(wpa_supplicant, " he=1\n"); else fprintf(wpa_supplicant, " vht=1\n"); From 23c5f16a4f2179c6f19a65a252eb435840f7f021 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sat, 27 Jun 2026 07:26:04 +0200 Subject: [PATCH 2/2] confd: guard NULL forced PMD in fixed-speed ethtool config In netdag_gen_ethtool_autoneg() the unmapped and "exactly one entry" checks already guarantee a forced PMD link mode is selected, but Coverity cannot see the correlation and flags the later deref. Fold !forced into the entry-count guard to make the invariant explicit. Fixes Coverity CID 561388. Signed-off-by: Joachim Wiberg --- src/confd/src/ieee802-ethernet-interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/confd/src/ieee802-ethernet-interface.c b/src/confd/src/ieee802-ethernet-interface.c index 18d03bcec..87eed1c76 100644 --- a/src/confd/src/ieee802-ethernet-interface.c +++ b/src/confd/src/ieee802-ethernet-interface.c @@ -237,7 +237,7 @@ static int netdag_gen_ethtool_autoneg(struct dagger *net, struct lyd_node *cif) err = -EINVAL; goto out; } - if (n != 1) { + if (n != 1 || !forced) { sr_session_set_error_message(net->session, "%s: auto-negotiation/enable=false requires exactly one " "advertised-pmd-types entry (have %d)", ifname, n);