af_unix: prevent oob writes

author Christian Brauner <christian.brauner@ubuntu.com>

Tue, 23 Feb 2021 21:08:48 +0000 (22:08 +0100)

committer Christian Brauner <christian.brauner@ubuntu.com>

Tue, 23 Feb 2021 21:08:48 +0000 (22:08 +0100)
author Christian Brauner <christian.brauner@ubuntu.com>
Tue, 23 Feb 2021 21:08:48 +0000 (22:08 +0100)
committer Christian Brauner <christian.brauner@ubuntu.com>
Tue, 23 Feb 2021 21:08:48 +0000 (22:08 +0100)
diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c

index 526e38ad022fc302bae5311f350408c63f02b1c0..747e6882050b0be324946453c34d7286d91a9249 100644 (file)
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -218,7 +218,7 @@ again:
                          * which exceeds the kernel limit we know about so
                          * close them and return an error.
                          */
-                       if (num_raw > KERNEL_SCM_MAX_FD) {
+                       if (num_raw >= KERNEL_SCM_MAX_FD) {
                                 for (idx = 0; idx < num_raw; idx++)
                                         close(fds_raw[idx]);
author	Christian Brauner <christian.brauner@ubuntu.com>
	Tue, 23 Feb 2021 21:08:48 +0000 (22:08 +0100)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Tue, 23 Feb 2021 21:08:48 +0000 (22:08 +0100)