| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 May 2023 23:42:16 +0200
From: Andrea Claudi <aclaudi@...hat.com>
To: netdev@...r.kernel.org
Cc: stephen@...workplumber.org,
dsahern@...il.com
Subject: [PATCH iproute2] iproute_lwtunnel: fix array boundary check
seg6_mode_types is made up of 5 elements, so ARRAY_SIZE(seg6_mode_types)
evaluates to 5. Thus, when mode = 5, this function returns
seg6_mode_types[5], resulting in an out-of-bound access.
Fix this bailing out when mode is equal to or greater than 5.
Fixes: cf87da417bb4 ("iproute: add support for seg6 l2encap mode")
Signed-off-by: Andrea Claudi <aclaudi@...hat.com>
---
ip/iproute_lwtunnel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c
index 96de3b20..94985972 100644
--- a/ip/iproute_lwtunnel.c
+++ b/ip/iproute_lwtunnel.c
@@ -140,7 +140,7 @@ static const char *seg6_mode_types[] = {
static const char *format_seg6mode_type(int mode)
{
- if (mode < 0 || mode > ARRAY_SIZE(seg6_mode_types))
+ if (mode < 0 || mode >= ARRAY_SIZE(seg6_mode_types))
return "<unknown>";
return seg6_mode_types[mode];
--
2.40.1
Powered by blists - more mailing lists