| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230918184631.16228-1-stephen@networkplumber.org>
Date: Mon, 18 Sep 2023 11:46:30 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Cc: Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH iproute2 1/2] bridge: fix potential snprintf overflow
There is a theoretical snprintf overflow in bridge slave bitmask
print code found by CodeQL scan.
Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
---
ip/iplink_bridge_slave.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c
index dc73c86574da..3821923b5da5 100644
--- a/ip/iplink_bridge_slave.c
+++ b/ip/iplink_bridge_slave.c
@@ -100,13 +100,20 @@ static void _bitmask2str(__u16 bitmask, char *dst, size_t dst_size,
int len, i;
for (i = 0, len = 0; bitmask; i++, bitmask >>= 1) {
+ int n;
+
if (bitmask & 0x1) {
if (tbl[i])
- len += snprintf(dst + len, dst_size - len, "%s,",
+ n = snprintf(dst + len, dst_size - len, "%s,",
tbl[i]);
else
- len += snprintf(dst + len, dst_size - len, "0x%x,",
+ n = snprintf(dst + len, dst_size - len, "0x%x,",
(1 << i));
+
+ if (n < 0 || n >= dst_size - len)
+ break;
+
+ len += n;
}
}
--
2.39.2
Powered by blists - more mailing lists