From c0cd6149722ca525cf31a363dbe724689bef4d87 Mon Sep 17 00:00:00 2001
From: Tao Liu <ltao@redhat.com>
Date: Wed, 13 Mar 2024 14:30:48 +0800
Subject: [PATCH 01/44] irqbalance-ui: check if using a negative index of
 buffer

A negative index will be used when recv() fails, which is unexpected for
the data buffer. The issue, a potential weakness, was found by Static
Application Security Testing (SAST).

This patch will check the negative index before data buffer referencing.

Signed-off-by: Tao Liu <ltao@redhat.com>
---
 ui/irqbalance-ui.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ui/irqbalance-ui.c b/ui/irqbalance-ui.c
index b7f9b62..c26eff6 100644
--- a/ui/irqbalance-ui.c
+++ b/ui/irqbalance-ui.c
@@ -127,9 +127,13 @@ try_again:
 	char *data = malloc(default_bufsz);
 	int len = recv(socket_fd, data, default_bufsz, MSG_TRUNC);
 	close(socket_fd);
-	data[len] = '\0';
 	free(msg->msg_control);
 	free(msg);
+	if (len < 0) {
+		free(data);
+		return NULL;
+	}
+	data[len] = '\0';
 	if (len >= default_bufsz) {
 		/* msg was truncated, increase bufsz and try again */
 		default_bufsz += 8192;
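Review bot: The terminator store `data[len] = '\0';` still runs before the `if (len >= default_bufsz)` truncation check, so the new guard covers only the negative index and not the upper bound. When recv() fills the buffer, `len == default_bufsz` and the write lands one byte past the `malloc(default_bufsz)` allocation; if MSG_TRUNC reports the full message length on this socket type (the socket setup is not visible here), `len` can exceed the buffer by more. Moving `data[len] = '\0';` to after the truncation branch would keep the index in range, assuming that branch retries without reading `data` as a string. That branch and the rest of the function lie outside the hunk.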
-- 
2.47.0