conf, tcp, udp: Arrays for ports need 2^16 values, not 2^16-8

Reported by David but also by Coverity (CWE-119):

	In conf_ports: Out-of-bounds access to a buffer

...not in practice, because the allocation size is rounded up
anyway, but not nice either.

Reported-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

3 files changed, 5 insertions, 5 deletions

diff --git a/conf.c b/conf.c
index d80233c..7ecfa1e 100644
--- a/conf.c
+++ b/conf.c
@@ -127,8 +127,8 @@ static int conf_ports(struct ctx *c, char optname, const char *optarg,
 {
 	int start_src, end_src, start_dst, end_dst, exclude_only = 1, i, port;
 	char addr_buf[sizeof(struct in6_addr)] = { 0 }, *addr = addr_buf;
+	uint8_t *map, exclude[DIV_ROUND_UP(USHRT_MAX, 8)] = { 0 };
 	void (*remap)(in_port_t port, in_port_t delta);
-	uint8_t *map, exclude[USHRT_MAX / 8] = { 0 };
 	char buf[BUFSIZ], *sep, *spec, *p;
 	sa_family_t af = AF_UNSPEC;
 
diff --git a/tcp.h b/tcp.h
index 7b720c1..6431b75 100644
--- a/tcp.h
+++ b/tcp.h
@@ -69,9 +69,9 @@ struct tcp_ctx {
 	uint64_t hash_secret[2];
 	int conn_count;
 	int splice_conn_count;
-	uint8_t port_to_tap	[USHRT_MAX / 8];
+	uint8_t port_to_tap	[DIV_ROUND_UP(USHRT_MAX, 8)];
 	int init_detect_ports;
-	uint8_t port_to_init	[USHRT_MAX / 8];
+	uint8_t port_to_init	[DIV_ROUND_UP(USHRT_MAX, 8)];
 	int ns_detect_ports;
 	struct timespec timer_run;
 #ifdef HAS_SND_WND
diff --git a/udp.h b/udp.h
index f16fe5e..8f82842 100644
--- a/udp.h
+++ b/udp.h
@@ -53,9 +53,9 @@ union udp_epoll_ref {
  * @timer_run:		Timestamp of most recent timer run
  */
 struct udp_ctx {
-	uint8_t port_to_tap		[USHRT_MAX / 8];
+	uint8_t port_to_tap		[DIV_ROUND_UP(USHRT_MAX, 8)];
 	int init_detect_ports;
-	uint8_t port_to_init		[USHRT_MAX / 8];
+	uint8_t port_to_init		[DIV_ROUND_UP(USHRT_MAX, 8)];
 	int ns_detect_ports;
 	struct timespec timer_run;
 };