| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6cc4b6c9c31e49508c07df7334831a73@huawei.com>
Date: Mon, 15 Nov 2021 11:27:34 +0000
From: "jiangheng (H)" <jiangheng12@...wei.com>
To: "netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC: "Chenxiang (EulerOS)" <rose.chen@...wei.com>
Subject: [PATCH iproute2] lnstat:fix buffer overflow in lnstat lnstat
segfaults when called the following command: $ lnstat -w 1
>From d797c268003919f6e83c1bbdccebf62805dc2581 Mon Sep 17 00:00:00 2001
From: jiangheng <jiangheng12@...wei.com>
Date: Thu, 11 Nov 2021 18:20:26 +0800
Subject: [PATCH iproute2] lnstat:fix buffer overflow in lnstat lnstat
segfaults when called the following command: $ lnstat -w 1
[root@...104 conf.d]# lnstat -w 1
Segmentation fault (core dumped)
The maximum value of th.num_lines is HDR_LINES(10), h should not be equal to th.num_lines, array th.hdr may be out of bounds.
Signed-off-by jiangheng <jiangheng12@...wei.com>
---
misc/lnstat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/misc/lnstat.c b/misc/lnstat.c
index 89cb0e7e..26be852d 100644
--- a/misc/lnstat.c
+++ b/misc/lnstat.c
@@ -211,7 +211,7 @@ static struct table_hdr *build_hdr_string(struct lnstat_file *lnstat_files,
ofs += width+1;
}
/* fill in spaces */
- for (h = 1; h <= th.num_lines; h++) {
+ for (h = 1; h < th.num_lines; h++) {
for (i = 0; i < ofs; i++) {
if (th.hdr[h][i] == '\0')
th.hdr[h][i] = ' ';
--
2.27.0
Powered by blists - more mailing lists