From 4c775c035e2751b1aec52dcc2ca0e4fc99bac793 Mon Sep 17 00:00:00 2001 From: Andrea Claudi Date: Mon, 29 Apr 2019 20:08:07 +0200 Subject: [PATCH] iplink_can: Prevent overstepping array bounds Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1465646 Upstream Status: iproute2.git commit 258b7c0fa70c2 commit 258b7c0fa70c2d6b5f9776cc35c38c80b4ee5752 Author: Phil Sutter Date: Mon Aug 21 11:27:00 2017 +0200 iplink_can: Prevent overstepping array bounds can_state_names array contains at most CAN_STATE_MAX fields, so allowing an index to it to be equal to that number is wrong. While here, also make sure the array is indeed that big so nothing bad happens if CAN_STATE_MAX ever increases. Signed-off-by: Phil Sutter --- ip/iplink_can.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ip/iplink_can.c b/ip/iplink_can.c index 20d4d37d0d087..4133a658a059e 100644 --- a/ip/iplink_can.c +++ b/ip/iplink_can.c @@ -241,7 +241,7 @@ static int can_parse_opt(struct link_util *lu, int argc, char **argv, return 0; } -static const char *can_state_names[] = { +static const char *can_state_names[CAN_STATE_MAX] = { [CAN_STATE_ERROR_ACTIVE] = "ERROR-ACTIVE", [CAN_STATE_ERROR_WARNING] = "ERROR-WARNING", [CAN_STATE_ERROR_PASSIVE] = "ERROR-PASSIVE", @@ -265,7 +265,7 @@ static void can_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) if (tb[IFLA_CAN_STATE]) { uint32_t state = rta_getattr_u32(tb[IFLA_CAN_STATE]); - fprintf(f, "state %s ", state <= CAN_STATE_MAX ? + fprintf(f, "state %s ", state < CAN_STATE_MAX ? can_state_names[state] : "UNKNOWN"); } -- 2.20.1