authorThomas Haller <thaller@redhat.com>2022-04-22 20:03:41 (GMT)
committerThomas Haller <thaller@redhat.com>2022-04-22 20:05:10 (GMT)
commitf918c3a427d3470cf3b7885537310e7a73c501bf (patch)
treed0c81d593eb0d8a1ee829c30bf8c255cdea47fa7
parentd4c79722c8f956af30b127133bd12edb9f673fc6 (diff)
route/sriov: fix buffer overflow in rtnl_link_sriov_parse_vflist()
Coverity: Error: OVERRUN (CWE-119): libnl-3.6.0/lib/route/link/sriov.c:653: overrun-buffer-arg: Overrunning array "stb" of 6 8-byte elements by passing it to a function which accesses it at element index 8 (byte offset 71) u
# 651|···
# 652| if (t[IFLA_VF_STATS]) {
# 653|-> err = nla_parse_nested(stb, IFLA_VF_STATS_MAX,
# 654| t[IFLA_VF_STATS],
# 655| sriov_stats_policy);
Fixes: 5d6e43ebef12 ('lib/route: SRIOV Parse and Read support')
-rw-r--r--lib/route/link/sriov.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/route/link/sriov.c b/lib/route/link/sriov.c
index 3b4c028..ebc4e6a 100644
--- a/lib/route/link/sriov.c
+++ b/lib/route/link/sriov.c
@@ -648,7 +648,7 @@ int rtnl_link_sriov_parse_vflist(struct rtnl_link *link, struct nlattr **tb) {
}
if (t[IFLA_VF_STATS]) {
- err = nla_parse_nested(stb, IFLA_VF_STATS_MAX,
+ err = nla_parse_nested(stb, RTNL_LINK_VF_STATS_MAX,
t[IFLA_VF_STATS],
sriov_stats_policy);
if (err < 0) {
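Review bot: The bound passed to `nla_parse_nested()` and the size of `stb` are still kept in step by hand, so the same overrun can come back if either one is changed again; `stb` is declared outside this hunk, and the Coverity report gives it 6 elements. Consider deriving the bound from the array itself, e.g. `err = nla_parse_nested(stb, (int)(sizeof(stb) / sizeof(stb[0])) - 1,`, or adding a compile-time check beside the declaration that the array holds `RTNL_LINK_VF_STATS_MAX + 1` entries. `sriov_stats_policy` is presumably indexed by attribute type up to the same maximum and is not visible here, so it is worth confirming that it has at least that many entries. A short comment such as `/* maxtype must match the size of stb, not the kernel's IFLA_VF_STATS_MAX */` would record why the library constant is used instead of the kernel one.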