From: Stephen Hemminger Date: Wed, 12 Apr 2017 17:10:44 +0000 (-0700) Subject: netem: fix out of bounds access in maketable X-Git-Tag: v4.11.0~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d3af1675ddffe3fd50a94ba5f91a13672d9e091;p=thirdparty%2Fiproute2.git netem: fix out of bounds access in maketable The maketable program used to generate one of the configuration files at build time for netem would access past the end of the array for one input value. This is a bug inherited from original NISTnet. Just fold the value, like other code there. This is not a runtime error security problem. It only impacts the build process if the build machine had extra hardening enabled. Signed-off-by: Stephen Hemminger --- diff --git a/netem/maketable.c b/netem/maketable.c index dc5053285..6aff927be 100644 --- a/netem/maketable.c +++ b/netem/maketable.c @@ -149,6 +149,8 @@ inverttable(int *table, int inversesize, int tablesize, int cumulative) inversevalue = (int)rint(findex*TABLEFACTOR); if (inversevalue <= MINSHORT) inversevalue = MINSHORT+1; if (inversevalue > MAXSHORT) inversevalue = MAXSHORT; + if (inverseindex >= inversesize) inverseindex = inversesize- 1; + inverse[inverseindex] = inversevalue; } return inverse;