From c903640ae37106ae416592a413a1f55afd56eeda Mon Sep 17 00:00:00 2001
From: Andrea Claudi <aclaudi@redhat.com>
Date: Wed, 22 Apr 2020 10:21:03 +0200
Subject: [PATCH] ss: fix NULL pointer access when parsing unix sockets with
oldformat
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795891
Upstream Status: iproute2.git commit ebbb219c924cc
commit ebbb219c924ccedbc59e209d40b77d5dbeecd7cd
Author: Antonio Quartulli <a@unstable.cc>
Date: Sun Jan 7 02:31:50 2018 +0800
ss: fix NULL pointer access when parsing unix sockets with oldformat
When parsing and printing the unix sockets in unix_show(),
if the oldformat is detected, the peer_name member of the sockstat
object is left uninitialized (NULL).
For this reason, if a filter has been specified on the command line,
a strcmp() will crash when trying to access it.
Avoid crash by checking that peer_name is not NULL before
passing it to strcmp().
Cc: Stefano Brivio <sbrivio@redhat.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
misc/ss.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/misc/ss.c b/misc/ss.c
index 8f184fb929d31..0b66cca7aaab2 100644
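--- a/misc/ss.c
+++ b/misc/ss.c
@@ -3276,7 +3276,10 @@ static int unix_show(struct filter *f)
 };
 
 memcpy(st.local.data, &u->name, sizeof(u->name));
- if (strcmp(u->peer_name, "*"))
+ /* when parsing the old format rport is set to 0 and
+ * therefore peer_name remains NULL
+ */
+ if (u->peer_name && strcmp(u->peer_name, "*"))
 memcpy(st.remote.data, &u->peer_name,
 sizeof(u->peer_name));
 if (run_ssfilter(f->f, &st) == 0) {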
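Review bot: With the new guard in `if (u->peer_name && strcmp(u->peer_name, "*"))`, a NULL peer_name skips the copy, so `st.remote.data` keeps whatever the initializer ending at `};` gave it and `run_ssfilter()` on the last line now sees an unset remote for old-format entries. The hunk shows neither that initializer nor how the filter reads the remote, so it is worth confirming that a destination filter treats a zeroed remote as "no peer" rather than dereferencing it. Both memcpy calls copy the pointer itself (`&u->peer_name`, `sizeof(u->peer_name)`), not the string, which the new comment could state, e.g. `/* old format: rport is 0 and peer_name stays NULL; remote.data carries the name pointer, so leave it zeroed */`. unix_show() starts and ends outside the hunk, so its other uses of peer_name should be checked for the same NULL case.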
--
2.25.3