mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-15 16:24:13 +08:00
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
[ Upstream commit 118917d696
]
Fix off-by-one issues in 'rpc_ntop6':
- 'snprintf' returns the number of characters which would have been
written if enough space had been available, excluding the terminating
null byte. Thus, a return value of 'sizeof(scopebuf)' means that the
last character was dropped.
- 'strcat' adds a terminating null byte to the string, thus if len ==
buflen, the null byte is written past the end of the buffer.
Signed-off-by: Fedor Tokarev <ftokarev@gmail.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
ece3a3337c
commit
5e85d78ed4
@ -82,11 +82,11 @@ static size_t rpc_ntop6(const struct sockaddr *sap,
|
||||
|
||||
rc = snprintf(scopebuf, sizeof(scopebuf), "%c%u",
|
||||
IPV6_SCOPE_DELIMITER, sin6->sin6_scope_id);
|
||||
if (unlikely((size_t)rc > sizeof(scopebuf)))
|
||||
if (unlikely((size_t)rc >= sizeof(scopebuf)))
|
||||
return 0;
|
||||
|
||||
len += rc;
|
||||
if (unlikely(len > buflen))
|
||||
if (unlikely(len >= buflen))
|
||||
return 0;
|
||||
|
||||
strcat(buf, scopebuf);
|
||||
|
Loading…
Reference in New Issue
Block a user