conf, tcp, udp: Arrays for ports need 2^16 values, not 2^16-8
Reported by David but also by Coverity (CWE-119): In conf_ports: Out-of-bounds access to a buffer ...not in practice, because the allocation size is rounded up anyway, but not nice either. Reported-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
parent
d30bde3181
commit
4a1b675278
3 changed files with 5 additions and 5 deletions
2
conf.c
2
conf.c
|
@ -127,8 +127,8 @@ static int conf_ports(struct ctx *c, char optname, const char *optarg,
|
|||
{
|
||||
int start_src, end_src, start_dst, end_dst, exclude_only = 1, i, port;
|
||||
char addr_buf[sizeof(struct in6_addr)] = { 0 }, *addr = addr_buf;
|
||||
uint8_t *map, exclude[DIV_ROUND_UP(USHRT_MAX, 8)] = { 0 };
|
||||
void (*remap)(in_port_t port, in_port_t delta);
|
||||
uint8_t *map, exclude[USHRT_MAX / 8] = { 0 };
|
||||
char buf[BUFSIZ], *sep, *spec, *p;
|
||||
sa_family_t af = AF_UNSPEC;
|
||||
|
||||
|
|
4
tcp.h
4
tcp.h
|
@ -69,9 +69,9 @@ struct tcp_ctx {
|
|||
uint64_t hash_secret[2];
|
||||
int conn_count;
|
||||
int splice_conn_count;
|
||||
uint8_t port_to_tap [USHRT_MAX / 8];
|
||||
uint8_t port_to_tap [DIV_ROUND_UP(USHRT_MAX, 8)];
|
||||
int init_detect_ports;
|
||||
uint8_t port_to_init [USHRT_MAX / 8];
|
||||
uint8_t port_to_init [DIV_ROUND_UP(USHRT_MAX, 8)];
|
||||
int ns_detect_ports;
|
||||
struct timespec timer_run;
|
||||
#ifdef HAS_SND_WND
|
||||
|
|
4
udp.h
4
udp.h
|
@ -53,9 +53,9 @@ union udp_epoll_ref {
|
|||
* @timer_run: Timestamp of most recent timer run
|
||||
*/
|
||||
struct udp_ctx {
|
||||
uint8_t port_to_tap [USHRT_MAX / 8];
|
||||
uint8_t port_to_tap [DIV_ROUND_UP(USHRT_MAX, 8)];
|
||||
int init_detect_ports;
|
||||
uint8_t port_to_init [USHRT_MAX / 8];
|
||||
uint8_t port_to_init [DIV_ROUND_UP(USHRT_MAX, 8)];
|
||||
int ns_detect_ports;
|
||||
struct timespec timer_run;
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue