mirror of https://passt.top/passt synced 2025-05-25 18:45:37 +02:00

passt-repair: Correct off-by-one error verifying name

passt-repair will generate an error if the name it gets from the kernel is
too long or not NUL terminated.  Downstream testing has reported
occasionally seeing this error in practice.

It turns out there is a trivial off-by-one error in the check: ev->len is
the length of the name, including terminating \0 characters, so to check
for a \0 at the end of the buffer we need to check ev->name[len - 1] not
ev->name[len].

Fixes: 42a854a52b ("pasta, passt-repair: Support multiple events per read() in inotify handlers")
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
David Gibson 2025-04-02 15:43:40 +11:00 committed by Stefano Brivio
parent dec3d73e1e
commit 3d41e4d838


@ -157,7 +157,7 @@ int main(int argc, char **argv)
}
} while (!found);
if (ev->len > NAME_MAX + 1 || ev->name[ev->len] != '\0') {
if (ev->len > NAME_MAX + 1 || ev->name[ev->len - 1] != '\0') {
fprintf(stderr, "Invalid filename from inotify\n");
_exit(1);
}
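
Review bot: the new index `ev->name[ev->len - 1]` has no lower bound on `ev->len`. inotify sets `len` to 0 when an event carries no name (for example an event on the watched object itself), and because `len` is an unsigned 32-bit field, `ev->len - 1` then wraps and the read lands far outside the buffer. Unless the loop above already guarantees a non-empty name before setting `found`, add `!ev->len ||` ahead of the two existing tests so an empty name takes the same "Invalid filename from inotify" exit. A short comment here stating that `len` counts the trailing NUL padding would also help, since that is exactly what the off-by-one turned on.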