Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch')
-rw-r--r--sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch62
1 files changed, 62 insertions, 0 deletions
diff --git a/sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch b/sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch
new file mode 100644
index 000000000000..6c6c9a5c4308
--- /dev/null
+++ b/sys-apps/iproute2/files/iproute2-4.0.0-tc-show-buffer-overflow.patch
@@ -0,0 +1,62 @@
+https://bugs.gentoo.org/546928
+
+From 46679bbbe89699016d31486de7599590d02a5054 Mon Sep 17 00:00:00 2001
+From: Vadim Kochan <vadim4j@gmail.com>
+Date: Mon, 20 Apr 2015 08:33:32 +0300
+Subject: [PATCH] tc util: Fix possible buffer overflow when print class id
+
+Use correct handle buffer length.
+
+Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
+---
+ tc/tc_util.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/tc/tc_util.c b/tc/tc_util.c
+index 1d3153d..dc2b70f 100644
+--- a/tc/tc_util.c
++++ b/tc/tc_util.c
+@@ -128,30 +128,31 @@ ok:
+ return 0;
+ }
+
+-int print_tc_classid(char *buf, int len, __u32 h)
++int print_tc_classid(char *buf, int blen, __u32 h)
+ {
+- char handle[40] = {};
++ SPRINT_BUF(handle) = {};
++ int hlen = SPRINT_BSIZE - 1;
+
+ if (h == TC_H_ROOT)
+ sprintf(handle, "root");
+ else if (h == TC_H_UNSPEC)
+- snprintf(handle, len, "none");
++ snprintf(handle, hlen, "none");
+ else if (TC_H_MAJ(h) == 0)
+- snprintf(handle, len, ":%x", TC_H_MIN(h));
++ snprintf(handle, hlen, ":%x", TC_H_MIN(h));
+ else if (TC_H_MIN(h) == 0)
+- snprintf(handle, len, "%x:", TC_H_MAJ(h) >> 16);
++ snprintf(handle, hlen, "%x:", TC_H_MAJ(h) >> 16);
+ else
+- snprintf(handle, len, "%x:%x", TC_H_MAJ(h) >> 16, TC_H_MIN(h));
++ snprintf(handle, hlen, "%x:%x", TC_H_MAJ(h) >> 16, TC_H_MIN(h));
+
+ if (use_names) {
+ char clname[IDNAME_MAX] = {};
+
+ if (id_to_name(cls_names, h, clname))
+- snprintf(buf, len, "%s#%s", clname, handle);
++ snprintf(buf, blen, "%s#%s", clname, handle);
+ else
+- snprintf(buf, len, "%s", handle);
++ snprintf(buf, blen, "%s", handle);
+ } else {
+- snprintf(buf, len, "%s", handle);
++ snprintf(buf, blen, "%s", handle);
+ }
+
+ return 0;
+--
+2.3.5
+