35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
From 1cf50a1f2723764eb53fad7c5ff8754835806df0 Mon Sep 17 00:00:00 2001
|
|
From: Andrea Claudi <aclaudi@redhat.com>
|
|
Date: Mon, 29 May 2023 23:42:16 +0200
|
|
Subject: [PATCH] iproute_lwtunnel: fix array boundary check
|
|
|
|
seg6_mode_types is made up of 5 elements, so ARRAY_SIZE(seg6_mode_types)
|
|
evaluates to 5. Thus, when mode = 5, this function returns
|
|
seg6_mode_types[5], resulting in an out-of-bound access.
|
|
|
|
Fix this bailing out when mode is equal to or greater than 5.
|
|
|
|
Fixes: cf87da417bb4 ("iproute: add support for seg6 l2encap mode")
|
|
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
|
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
|
---
|
|
ip/iproute_lwtunnel.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c
|
|
index 96de3b20..94985972 100644
|
|
--- a/ip/iproute_lwtunnel.c
|
|
+++ b/ip/iproute_lwtunnel.c
|
|
@@ -140,7 +140,7 @@ static const char *seg6_mode_types[] = {
|
|
|
|
static const char *format_seg6mode_type(int mode)
|
|
{
|
|
- if (mode < 0 || mode > ARRAY_SIZE(seg6_mode_types))
|
|
+ if (mode < 0 || mode >= ARRAY_SIZE(seg6_mode_types))
|
|
return "<unknown>";
|
|
|
|
return seg6_mode_types[mode];
|
|
--
|
|
2.27.0
|
|
|