[PATCH 2/2] libkmod-builtin: consider final NIL in name length check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



There is potential buffer overrun in kmod_builtin_iter_get_modname()
for the name of length PATH_MAX. The required buffer size is
PATH_MAX, so `modname[len] = '\0'` with len == PATH_MAX will write
right beyond the buffer.

Check the length against PATH_MAX - 1.

Signed-off-by: Yauheni Kaliuta <ykaliuta@xxxxxxxxxx>
---
 libkmod/libkmod-builtin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index a002cb5ee2c6..3d4d77ab29b3 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -246,7 +246,7 @@ bool kmod_builtin_iter_get_modname(struct kmod_builtin_iter *iter,
 
 	len = dot - line;
 
-	if (len >= PATH_MAX) {
+	if (len >= PATH_MAX - 1) {
 		sv_errno = ENAMETOOLONG;
 		goto fail;
 	}
-- 
2.31.1




[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux