diff options
author | Phil Sutter <phil@nwl.cc> | 2022-12-20 15:02:16 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-12-21 17:50:31 +0100 |
commit | 3514a72f5a03ee7c6c268c31446b7a6994d4569d (patch) | |
tree | e141584bf25d848077f9d867316411820db36e7f /src | |
parent | afb27eebc7ffbd55db53412eca51e5a4cae2f432 (diff) |
conntrack: Fix potential array out of bounds access
If the link target length exceeds 'sizeof(tmp)' bytes, readlink() will
return 'sizeof(tmp)'. Using this value as index is illegal.
Fixes: b031cd2102d9b ("conntrack: pretty-print the portid")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'src')
-rw-r--r-- | src/conntrack.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index 859a483..aa6323d 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1769,7 +1769,7 @@ static char *portid2name(pid_t pid, uint32_t portid, unsigned long inode) continue; rl = readlink(procname, tmp, sizeof(tmp)); - if (rl <= 0 || rl > (ssize_t)sizeof(tmp)) + if (rl <= 0 || rl >= (ssize_t)sizeof(tmp)) continue; tmp[rl] = 0; |