41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
From 4d80122ae82aea86cb740b5202f6c3fde6183538 Mon Sep 17 00:00:00 2001
|
|
From: Stephen Hemminger <stephen@networkplumber.org>
|
|
Date: Mon, 18 Sep 2023 11:34:42 -0700
|
|
Subject: [PATCH] bridge: fix potential snprintf overflow
|
|
|
|
There is a theoretical snprintf overflow in bridge slave bitmask
|
|
print code found by CodeQL scan.
|
|
|
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
|
---
|
|
ip/iplink_bridge_slave.c | 11 +++++++++--
|
|
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c
|
|
index dc73c8657..3821923b5 100644
|
|
--- a/ip/iplink_bridge_slave.c
|
|
+++ b/ip/iplink_bridge_slave.c
|
|
@@ -100,13 +100,20 @@ static void _bitmask2str(__u16 bitmask, char *dst, size_t dst_size,
|
|
int len, i;
|
|
|
|
for (i = 0, len = 0; bitmask; i++, bitmask >>= 1) {
|
|
+ int n;
|
|
+
|
|
if (bitmask & 0x1) {
|
|
if (tbl[i])
|
|
- len += snprintf(dst + len, dst_size - len, "%s,",
|
|
+ n = snprintf(dst + len, dst_size - len, "%s,",
|
|
tbl[i]);
|
|
else
|
|
- len += snprintf(dst + len, dst_size - len, "0x%x,",
|
|
+ n = snprintf(dst + len, dst_size - len, "0x%x,",
|
|
(1 << i));
|
|
+
|
|
+ if (n < 0 || n >= dst_size - len)
|
|
+ break;
|
|
+
|
|
+ len += n;
|
|
}
|
|
}
|
|
|