diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2025-04-02 15:28:04 +1100 |
|---|---|---|
| committer | David Gibson <david@gibson.dropbear.id.au> | 2025-04-02 15:45:16 +1100 |
| commit | 8fed562e63f3bf7ab2ddabaf1b31de49e03c4083 (patch) | |
| tree | b92721935d97080afdd06e24bc28332ada5a3d19 | |
| parent | dadf2aa2691976219b8272276860926427b97c04 (diff) | |
| download | passt-c9s.tar passt-c9s.tar.gz passt-c9s.tar.bz2 passt-c9s.tar.lz passt-c9s.tar.xz passt-c9s.tar.zst passt-c9s.zip | |
passt-repair: Correct off-by-one error verifying namec9s
passt-repair will generate an error if the name it gets from the kernel is
too long or not NUL terminated. Downstream testing has reported
occasionally seeing this error in practice.
In turns out there is a trivial off-by-one error in the check: ev->len is
the length of the name, including terminating \0 characters, so to check
for a \0 at the end of the buffer we need to check ev->name[len - 1] not
ev->name[len].
Fixes: 42a854a52 ("pasta, passt-repair: Support multiple events per...")
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
| -rw-r--r-- | passt-repair.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/passt-repair.c b/passt-repair.c index 86f0293..440c77a 100644 --- a/passt-repair.c +++ b/passt-repair.c @@ -157,7 +157,7 @@ int main(int argc, char **argv) } } while (!found); - if (ev->len > NAME_MAX + 1 || ev->name[ev->len] != '\0') { + if (ev->len > NAME_MAX + 1 || ev->name[ev->len - 1] != '\0') { fprintf(stderr, "Invalid filename from inotify\n"); _exit(1); } |