]> git.ipfire.org Git - thirdparty/shadow.git/commit
projects / thirdparty / shadow.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0066743) | patch
port: fix OVERRUN (CWE-119)
authorIker Pedrosa <ipedrosa@redhat.com>
Wed, 15 May 2024 10:25:51 +0000 (12:25 +0200)
committerAlejandro Colomar <alx@kernel.org>
Fri, 17 May 2024 14:08:26 +0000 (16:08 +0200)
commit4c16416ebc5f0958d58a1ea1e7890eafd9f8bb75
treed71a15b4d1d2bf3450c578ab323769dda2ce9ecetree | snapshot
parent0066743c499eb216e14082e7cae48fd55d7ad7aecommit | diff
port: fix OVERRUN (CWE-119)

```
shadow-4.15.0/lib/port.c:154:2: alias: Assigning: "port.pt_names" = "ttys". "port.pt_names" now points to element 0 of "ttys" (which consists of 65 8-byte elements).
shadow-4.15.0/lib/port.c:155:2: cond_const: Checking "j < 64" implies that "j" is 64 on the false branch.
shadow-4.15.0/lib/port.c:175:2: overrun-local: Overrunning array of 65 8-byte elements at element index 65 (byte offset 527) by dereferencing pointer "port.pt_names + (j + 1)".
173|           *cp = '\0';
174|           cp++;
175|->         port.pt_names[j + 1] = NULL;
176|
177|           /*
```

Resolves: https://issues.redhat.com/browse/RHEL-35383

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
lib/port.c diff | blob | blame | history
Mirror of https://github.com/shadow-maint/shadow.git