57 lines
1.9 KiB
Diff
57 lines
1.9 KiB
Diff
From a2dcf74fce24aeba2a7e191a4b294b8f9622a3a8 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
|
|
Date: Tue, 8 Nov 2022 07:41:00 +0100
|
|
Subject: [PATCH 4/4] test/getrandom-fallback.c: Fix 'OVERRUN' found by
|
|
Covscan.
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
CWE-119: Out-of-bounds access to a buffer (OVERRUN)
|
|
|
|
overrun-buffer-arg: Calling memset with buf and buflen is suspicious
|
|
because of the very large index, 9223372036854775807. The index may
|
|
be due to a negative parameter being interpreted as unsigned.
|
|
|
|
Limiting buflen to INT16_MAX is big enough for our purposes.
|
|
|
|
Signed-off-by: Björn Esser <besser82@fedoraproject.org>
|
|
---
|
|
test/getrandom-fallbacks.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/test/getrandom-fallbacks.c b/test/getrandom-fallbacks.c
|
|
index bd97667..b124c18 100644
|
|
--- a/test/getrandom-fallbacks.c
|
|
+++ b/test/getrandom-fallbacks.c
|
|
@@ -77,7 +77,7 @@ __wrap_getrandom (void *buf, size_t buflen, unsigned int ARG_UNUSED(flags))
|
|
}
|
|
else
|
|
{
|
|
- buflen = MIN (buflen, SSIZE_MAX);
|
|
+ buflen = MIN (buflen, INT16_MAX);
|
|
memset (buf, MOCK_getrandom, buflen);
|
|
return (ssize_t)buflen;
|
|
}
|
|
@@ -130,7 +130,7 @@ __wrap_syscall(long number, ...)
|
|
va_start (ap, number);
|
|
void *buf = va_arg (ap, void *);
|
|
size_t buflen = va_arg (ap, size_t);
|
|
- buflen = MIN (buflen, SSIZE_MAX);
|
|
+ buflen = MIN (buflen, INT16_MAX);
|
|
va_end (ap);
|
|
memset (buf, MOCK_sys_getrandom, buflen);
|
|
return (ssize_t)buflen;
|
|
@@ -205,7 +205,7 @@ __wrap_read (int fd, void *buf, size_t count)
|
|
}
|
|
else
|
|
{
|
|
- count = MIN (count, SSIZE_MAX);
|
|
+ count = MIN (count, INT16_MAX);
|
|
memset (buf, MOCK_urandom, count);
|
|
return (ssize_t)count;
|
|
}
|
|
--
|
|
2.38.1
|
|
|