lint fix: fix linter errors after migrating to v2

Signed-off-by: Gunjan Vyas <vyasgun20@gmail.com>

cmd/ssh-over-vsock/client.go

@@ -17,7 +17,7 @@ type client struct {
 func newClient(conn net.Conn, user string, key string) (*client, error) {
 	config, err := newConfig(user, key)
 	if err != nil {
-		return nil, fmt.Errorf("Error getting config for native Go SSH: %s", err)
+		return nil, fmt.Errorf("error getting config for native Go SSH: %s", err)
 	}
 
 	return &client{

cmd/vm/main_linux.go

@@ -5,6 +5,7 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"math"
 	"net"
 	"net/http"
 	"os"
@@ -175,6 +176,10 @@ func rx(conn net.Conn, tap *water.Interface, errCh chan error, mtu int) {
 			log.Info(packet.String())
 		}
 
+		if n < 0 || n > math.MaxUint16 {
+			log.Errorf("invalid frame length")
+			return
+		}
 		binary.LittleEndian.PutUint16(size, uint16(n))
 		if _, err := conn.Write(append(size, frame...)); err != nil {
 			errCh <- errors.Wrap(err, "cannot write size and packet to socket")

pkg/services/dhcp/dhcp.go

@@ -3,6 +3,7 @@ package dhcp
 import (
 	"encoding/json"
 	"errors"
+	"math"
 	"net"
 	"net/http"
 	"time"
@@ -50,7 +51,13 @@ func handler(configuration *types.Configuration, ipPool *tap.IPPool) server4.Han
 		reply.UpdateOption(dhcpv4.Option{Code: dhcpv4.OptionSubnetMask, Value: dhcpv4.IP(parsedSubnet.Mask)})
 		reply.UpdateOption(dhcpv4.Option{Code: dhcpv4.OptionRouter, Value: dhcpv4.IP(net.ParseIP(configuration.GatewayIP))})
 		reply.UpdateOption(dhcpv4.Option{Code: dhcpv4.OptionDomainNameServer, Value: dhcpv4.IPs([]net.IP{net.ParseIP(configuration.GatewayIP)})})
-		reply.UpdateOption(dhcpv4.Option{Code: dhcpv4.OptionInterfaceMTU, Value: dhcpv4.Uint16(configuration.MTU)})
+
+		mtu := configuration.MTU
+		if mtu < 0 || mtu > math.MaxUint16 {
+			log.Errorf("dhcp: invalid MTU %d", mtu)
+		} else {
+			reply.UpdateOption(dhcpv4.Option{Code: dhcpv4.OptionInterfaceMTU, Value: dhcpv4.Uint16(mtu)})
+		}
 		reply.UpdateOption(dhcpv4.Option{Code: dhcpv4.OptionDNSDomainSearchList, Value: &rfc1035label.Labels{
 			Labels: configuration.DNSSearchDomains,
 		}})
@@ -71,7 +78,7 @@ func handler(configuration *types.Configuration, ipPool *tap.IPPool) server4.Han
 	}
 }
 
-func dial(s *stack.Stack, nic int) (*gonet.UDPConn, error) {
+func dial(s *stack.Stack, nic tcpip.NICID) (*gonet.UDPConn, error) {
 	var wq waiter.Queue
 	ep, err := s.NewEndpoint(udp.ProtocolNumber, ipv4.ProtocolNumber, &wq)
 	if err != nil {
@@ -98,7 +105,7 @@ type Server struct {
 }
 
 func New(configuration *types.Configuration, stack *stack.Stack, ipPool *tap.IPPool) (*Server, error) {
-	ln, err := dial(stack, 1)
+	ln, err := dial(stack, tcpip.NICID(1))
 	if err != nil {
 		return nil, err
 	}

pkg/services/forwarder/ports.go

@@ -378,7 +378,7 @@ func tcpipAddress(nicID tcpip.NICID, remote string) (address tcpip.FullAddress,
 		return address, errors.New("invalid remote addr")
 	}
 
-	port, err := strconv.Atoi(split[1])
+	port, err := strconv.ParseUint(split[1], 10, 16)
 	if err != nil {
 		return address, err
 

pkg/sshclient/ssh_forwarder.go

@@ -92,7 +92,7 @@ func connectForward(ctx context.Context, bastion *Bastion) (CloseWriteConn, erro
 			return nil, errors.Wrapf(err, "Couldn't reestablish ssh tunnel on path: %s", bastion.Path)
 		}
 		// Check if ssh connection is still alive
-		_, _, err = bastion.Client.Conn.SendRequest("alive@gvproxy", true, nil)
+		_, _, err = bastion.Client.SendRequest("alive@gvproxy", true, nil)
 		if err != nil {
 			for bastionRetries := 1; ; bastionRetries++ {
 				err = bastion.Reconnect(ctx)

pkg/tap/ip_pool.go

@@ -2,6 +2,7 @@ package tap
 
 import (
 	"errors"
+	"math"
 	"net"
 	"sync"
 
@@ -48,9 +49,11 @@ func (p *IPPool) GetOrAssign(mac string) (net.IP, error) {
 		}
 	}
 
-	var i uint64
-	for i = 1; i < p.count; i++ {
-		candidate, err := cidr.Host(p.base, int(i))
+	if p.count > math.MaxInt {
+		return nil, errors.New("IP pool exceeds maximum number of IP addresses")
+	}
+	for i := 1; i < int(p.count); i++ {
+		candidate, err := cidr.Host(p.base, i)
 		if err != nil {
 			continue
 		}

pkg/tap/link.go

@@ -13,7 +13,7 @@ import (
 
 type LinkEndpoint struct {
 	debug      bool
-	mtu        int
+	mtu        uint32
 	mac        tcpip.LinkAddress
 	ip         string
 	virtualIPs map[string]struct{}
@@ -22,7 +22,7 @@ type LinkEndpoint struct {
 	networkSwitch NetworkSwitch
 }
 
-func NewLinkEndpoint(debug bool, mtu int, macAddress string, ip string, virtualIPs []string) (*LinkEndpoint, error) {
+func NewLinkEndpoint(debug bool, mtu uint32, macAddress string, ip string, virtualIPs []string) (*LinkEndpoint, error) {
 	linkAddr, err := net.ParseMAC(macAddress)
 	if err != nil {
 		return nil, err
@@ -82,11 +82,11 @@ func (e *LinkEndpoint) MaxHeaderLength() uint16 {
 }
 
 func (e *LinkEndpoint) MTU() uint32 {
-	return uint32(e.mtu)
+	return e.mtu
 }
 
 func (e *LinkEndpoint) SetMTU(mtu uint32) {
-	e.mtu = int(mtu)
+	e.mtu = mtu
 }
 
 func (e *LinkEndpoint) Wait()                     {}

pkg/tap/protocols.go

@@ -2,6 +2,9 @@ package tap
 
 import (
 	"encoding/binary"
+	"math"
+
+	log "github.com/sirupsen/logrus"
 )
 
 type protocol interface {
@@ -27,7 +30,11 @@ func (s *hyperkitProtocol) Buf() []byte {
 }
 
 func (s *hyperkitProtocol) Write(buf []byte, size int) {
-	binary.LittleEndian.PutUint16(buf, uint16(size))
+	if size < 0 || size > math.MaxUint16 {
+		log.Warnf("size out of range. Resetting to %d", math.MaxUint16)
+		size = math.MaxUint16
+	}
+	binary.LittleEndian.PutUint16(buf, uint16(size)) //#nosec: G115
 }
 
 func (s *hyperkitProtocol) Read(buf []byte) int {
@@ -46,7 +53,11 @@ func (s *qemuProtocol) Buf() []byte {
 }
 
 func (s *qemuProtocol) Write(buf []byte, size int) {
-	binary.BigEndian.PutUint32(buf, uint32(size))
+	if size > math.MaxUint32 {
+		log.Warnf("size exceeds max limit. Resetting to: %d", math.MaxInt32)
+		size = math.MaxUint32
+	}
+	binary.BigEndian.PutUint32(buf, uint32(size)) //#nosec: G115. Safely checked
 }
 
 func (s *qemuProtocol) Read(buf []byte) int {

pkg/tap/switch.go

@@ -3,6 +3,7 @@ package tap
 import (
 	"bufio"
 	"context"
+	"fmt"
 	"io"
 	"net"
 	"sync"
@@ -127,6 +128,10 @@ func (e *Switch) txPkt(pkt *stack.PacketBuffer) error {
 	dst := eth.DestinationAddress()
 	src := eth.SourceAddress()
 
+	size := pkt.Size()
+	if size < 0 {
+		return fmt.Errorf("packet size out of range")
+	}
 	if dst == header.EthernetBroadcastAddress {
 		e.camLock.RLock()
 		srcID, ok := e.cam[src]
@@ -144,7 +149,7 @@ func (e *Switch) txPkt(pkt *stack.PacketBuffer) error {
 				return err
 			}
 
-			atomic.AddUint64(&e.Sent, uint64(pkt.Size()))
+			atomic.AddUint64(&e.Sent, uint64(size))
 		}
 	} else {
 		e.camLock.RLock()
@@ -159,7 +164,7 @@ func (e *Switch) txPkt(pkt *stack.PacketBuffer) error {
 		if err != nil {
 			return err
 		}
-		atomic.AddUint64(&e.Sent, uint64(pkt.Size()))
+		atomic.AddUint64(&e.Sent, uint64(size))
 	}
 	return nil
 }

pkg/transport/dial_linux.go

@@ -18,11 +18,11 @@ func Dial(endpoint string) (net.Conn, string, error) {
 	}
 	switch parsed.Scheme {
 	case "vsock":
-		contextID, err := strconv.Atoi(parsed.Hostname())
+		contextID, err := strconv.ParseUint(parsed.Hostname(), 10, 32)
 		if err != nil {
 			return nil, "", err
 		}
-		port, err := strconv.Atoi(parsed.Port())
+		port, err := strconv.ParseUint(parsed.Port(), 10, 32)
 		if err != nil {
 			return nil, "", err
 		}

pkg/transport/listen_linux.go

@@ -13,13 +13,13 @@ const DefaultURL = "vsock://:1024"
 func listenURL(parsed *url.URL) (net.Listener, error) {
 	switch parsed.Scheme {
 	case "vsock":
-		port, err := strconv.Atoi(parsed.Port())
+		port, err := strconv.ParseUint(parsed.Port(), 10, 32)
 		if err != nil {
 			return nil, err
 		}
 
 		if parsed.Hostname() != "" {
-			cid, err := strconv.Atoi(parsed.Hostname())
+			cid, err := strconv.ParseUint(parsed.Hostname(), 10, 32)
 			if err != nil {
 				return nil, err
 			}

pkg/virtualnetwork/conn.go

@@ -28,12 +28,11 @@ func (n *VirtualNetwork) DialContextTCP(ctx context.Context, addr string) (net.C
 	if err != nil {
 		return nil, err
 	}
-
 	return gonet.DialContextTCP(ctx, n.stack,
 		tcpip.FullAddress{
 			NIC:  1,
 			Addr: tcpip.AddrFrom4Slice(ip.To4()),
-			Port: uint16(port),
+			Port: port,
 		}, ipv4.ProtocolNumber)
 }
 
@@ -45,11 +44,11 @@ func (n *VirtualNetwork) Listen(network, addr string) (net.Listener, error) {
 	return gonet.ListenTCP(n.stack, tcpip.FullAddress{
 		NIC:  1,
 		Addr: tcpip.AddrFrom4Slice(ip.To4()),
-		Port: uint16(port),
+		Port: port,
 	}, ipv4.ProtocolNumber)
 }
 
-func splitIPPort(network string, addr string) (net.IP, uint64, error) {
+func splitIPPort(network string, addr string) (net.IP, uint16, error) {
 	if network != "tcp" {
 		return nil, 0, errors.New("only tcp is supported")
 	}
@@ -65,5 +64,5 @@ func splitIPPort(network string, addr string) (net.IP, uint64, error) {
 	if ip == nil {
 		return nil, 0, errors.New("invalid address, must be an IP")
 	}
-	return ip, port, nil
+	return ip, uint16(port), nil
 }

pkg/virtualnetwork/mux.go

@@ -33,11 +33,12 @@ func (n *VirtualNetwork) ServicesMux() *http.ServeMux {
 			http.Error(w, "ip is mandatory", http.StatusInternalServerError)
 			return
 		}
-		port, err := strconv.Atoi(r.URL.Query().Get("port"))
+		port, err := strconv.ParseUint(r.URL.Query().Get("port"), 10, 16)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
+		port16 := uint16(port)
 
 		hj, ok := w.(http.Hijacker)
 		if !ok {
@@ -67,7 +68,7 @@ func (n *VirtualNetwork) ServicesMux() *http.ServeMux {
 				return gonet.DialContextTCP(ctx, n.stack, tcpip.FullAddress{
 					NIC:  1,
 					Addr: tcpip.AddrFrom4Slice(net.ParseIP(ip).To4()),
-					Port: uint16(port),
+					Port: port16,
 				}, ipv4.ProtocolNumber)
 			},
 			OnDialError: func(_ net.Conn, dstDialErr error) {

pkg/virtualnetwork/virtualnetwork.go

@@ -41,11 +41,15 @@ func New(configuration *types.Configuration) (*VirtualNetwork, error) {
 		ipPool.Reserve(net.ParseIP(ip), mac)
 	}
 
-	tapEndpoint, err := tap.NewLinkEndpoint(configuration.Debug, configuration.MTU, configuration.GatewayMacAddress, configuration.GatewayIP, configuration.GatewayVirtualIPs)
+	mtu := configuration.MTU
+	if mtu < 0 || mtu > math.MaxUint32 {
+		return nil, errors.New("mtu is out of range")
+	}
+	tapEndpoint, err := tap.NewLinkEndpoint(configuration.Debug, uint32(mtu), configuration.GatewayMacAddress, configuration.GatewayIP, configuration.GatewayVirtualIPs)
 	if err != nil {
 		return nil, errors.Wrap(err, "cannot create tap endpoint")
 	}
-	networkSwitch := tap.NewSwitch(configuration.Debug, configuration.MTU)
+	networkSwitch := tap.NewSwitch(configuration.Debug, mtu)
 	tapEndpoint.Connect(networkSwitch)
 	networkSwitch.Connect(tapEndpoint)
 

pkg/virtualnetwork/vpnkit.go

@@ -4,7 +4,9 @@ import (
 	"context"
 	"crypto/rand"
 	"encoding/binary"
+	"fmt"
 	"io"
+	"math"
 	"net"
 
 	"github.com/containers/gvisor-tap-vsock/pkg/types"
@@ -41,6 +43,10 @@ func vpnkitHandshake(conn net.Conn, configuration *types.Configuration) error {
 	// https://github.com/moby/hyperkit/blob/2f061e447e1435cdf1b9eda364cea6414f2c606b/src/lib/pci_virtio_net_vpnkit.c#L131
 	resp := make([]byte, 258)
 	resp[0] = 0x01
+
+	if configuration.MTU < 0 || configuration.MTU > math.MaxUint16 {
+		return fmt.Errorf("invalid MTU: %d", configuration.MTU)
+	}
 	mtu := uint16(configuration.MTU)
 	binary.LittleEndian.PutUint16(resp[1:3], mtu)
 	binary.LittleEndian.PutUint16(resp[3:5], mtu+header.EthernetMinimumSize)

test-vfkit/vfkit_suite_test.go

@@ -62,7 +62,7 @@ func init() {
 
 var _ = ginkgo.BeforeSuite(func() {
 	// clear the environment before running the tests. It may happen the tests were abruptly stopped earlier leaving a dirty env
-	clear()
+	cleanup()
 
 	// check if vfkit version is greater than v0.5 (ignition support is available starting from v0.6)
 	version, err := vfkitVersion()
@@ -207,7 +207,7 @@ func sshCommand(cmd ...string) *exec.Cmd {
 	return sshCmd
 }
 
-func clear() {
+func cleanup() {
 	_ = os.Remove(efiStore)
 	_ = os.Remove(sock)
 	_ = os.Remove(vfkitSock)
@@ -249,5 +249,5 @@ var _ = ginkgo.AfterSuite(func() {
 			log.Error(err)
 		}
 	}
-	clear()
+	cleanup()
 })