126b76271a
Resolves: RHEL-58317 Resolves: RHEL-53438 Resolves: RHEL-36576 Resolves: RHEL-54006 Signed-off-by: Tao Liu <ltao@redhat.com>
40 lines
1.1 KiB
Diff
40 lines
1.1 KiB
Diff
From c0cd6149722ca525cf31a363dbe724689bef4d87 Mon Sep 17 00:00:00 2001
|
|
From: Tao Liu <ltao@redhat.com>
|
|
Date: Wed, 13 Mar 2024 14:30:48 +0800
|
|
Subject: [PATCH 01/44] irqbalance-ui: check if using a negative index of
|
|
buffer
|
|
|
|
A negative index will be used when recv() fails, which is unexpected for
|
|
the data buffer. The issue was found by Static Application Security
|
|
Testing (SAST), which is a potential weakness.
|
|
|
|
This patch will check the negative index before data buffer referencing.
|
|
|
|
Signed-off-by: Tao Liu <ltao@redhat.com>
|
|
---
|
|
ui/irqbalance-ui.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/ui/irqbalance-ui.c b/ui/irqbalance-ui.c
|
|
index b7f9b62..c26eff6 100644
|
|
--- a/ui/irqbalance-ui.c
|
|
+++ b/ui/irqbalance-ui.c
|
|
@@ -127,9 +127,13 @@ try_again:
|
|
char *data = malloc(default_bufsz);
|
|
int len = recv(socket_fd, data, default_bufsz, MSG_TRUNC);
|
|
close(socket_fd);
|
|
- data[len] = '\0';
|
|
free(msg->msg_control);
|
|
free(msg);
|
|
+ if (len < 0) {
|
|
+ free(data);
|
|
+ return NULL;
|
|
+ }
|
|
+ data[len] = '\0';
|
|
if (len >= default_bufsz) {
|
|
/* msg was truncated, increase bufsz and try again */
|
|
default_bufsz += 8192;
|
|
--
|
|
2.47.0
|
|
|