authorThomas Haller <thaller@redhat.com>2022-04-22 15:40:01 (GMT)
committerThomas Haller <thaller@redhat.com>2022-04-22 15:42:25 (GMT)
commitd544105979b1dfdf06ac525b4e5982f58c25ce77 (patch)
tree528fe2e3fa16a958ef50ab73d7a47fc64bead732
parent4d12b635e671e21d992b83e27280f841bda07899 (diff)
route/mdb: fix buffer overflow in mdb_msg_parser()
Found by coverity: 4. libnl-3.6.0/lib/route/mdb.c:198: overrun-buffer-arg: Overrunning array "db_attr" of 1 8-byte elements by passing it to a function which accesses it at element index 1 (byte offset 15) using argument "1". Fixes: 0ec6c6c2f023 ('mdb: support bridge multicast database notification')
-rw-r--r--lib/route/mdb.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/route/mdb.c b/lib/route/mdb.c
index 894a0bb..39fad48 100644
--- a/lib/route/mdb.c
+++ b/lib/route/mdb.c
@@ -193,7 +193,7 @@ static int mdb_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
mdb->ce_mask |= MDB_ATTR_IFINDEX;
if (tb[MDBA_MDB]) {
- struct nlattr *db_attr[MDBA_MDB_MAX];
+ struct nlattr *db_attr[MDBA_MDB_MAX+1];
nla_parse_nested(db_attr, MDBA_MDB_MAX, tb[MDBA_MDB],
mdb_db_policy);
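Review bot: The return value of `nla_parse_nested()` is discarded on the two lines after the resized array, so a nested MDBA_MDB attribute that fails `mdb_db_policy` validation is not rejected at this point. The code that follows presumably continues with whatever was parsed before the failure. Consider testing it, e.g. `if (nla_parse_nested(db_attr, MDBA_MDB_MAX, tb[MDBA_MDB], mdb_db_policy) < 0)`, and leaving through the error path mdb_msg_parser() already uses; that path lies outside this hunk, so its label is not visible here. Separately, the overrun arose because the array bound and the max-type argument are written independently. A comment above the declaration such as `/* nla_parse_nested() fills indices 0..MDBA_MDB_MAX, so MDBA_MDB_MAX + 1 slots are required */` would help keep the two in step.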