From: Kamalesh Babulal
Date: Wed, 27 Jul 2022 19:13:59 +0000 (-0600)
Subject: api.c: check for invalid error code in cgroup_strerror()
X-Git-Tag: v3.0~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=37fab4e36b3785698fcc8af14e624cf1e182c183;p=thirdparty%2Flibcgroup.git

api.c: check for invalid error code in cgroup_strerror()

Fix array overflow warning, reported by the Coverity tool:

CID 258309 (#1 of 1): Out-of-bounds read (OVERRUN). overrun-local: Overrunning array cgroup_strerror_codes of 32 8-byte elements at element index 49999 (byte offset 399999) using index code % ECGROUPNOTCOMPILED (which evaluates to 49999).

There are chances of users passing error codes, resulting in crossing the upper bound of the cgroup_strerror_codes[], fix it by introducing bound checks.

Signed-off-by: Kamalesh Babulal
Signed-off-by: Tom Hromatka
---

diff --git a/src/api.c b/src/api.c index b4e5ca1d..ad87a174 100644 --- a/src/api.c +++ b/src/api.c @@ -4558,10 +4558,15 @@ cleanup_path: const char *cgroup_strerror(int code) { + int idx = code % ECGROUPNOTCOMPILED; + if (code == ECGOTHER) return strerror_r(cgroup_get_last_errno(), errtext, MAXLEN); - return cgroup_strerror_codes[code % ECGROUPNOTCOMPILED]; + if (idx >= sizeof(cgroup_strerror_codes)/sizeof(cgroup_strerror_codes[0])) + return "Invalid error code"; + + return cgroup_strerror_codes[idx]; } /**
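Review bot: The new check in cgroup_strerror() bounds idx but still accepts any code whose remainder falls inside the table, so the modulo keeps mapping unrelated values to valid messages. The Coverity report gives a maximum index of 49999 for code % ECGROUPNOTCOMPILED and a 32-element table, so a code such as 3, or ECGROUPNOTCOMPILED * 2 + 3, returns the string at index 3 instead of "Invalid error code". Consider rejecting code < ECGROUPNOTCOMPILED up front and indexing with code - ECGROUPNOTCOMPILED rather than the remainder. Separately, idx is a signed int compared against a size_t expression: a negative code yields a negative remainder, which is rejected only because the comparison converts it to a large unsigned value. That works, but it triggers -Wsign-compare and hides the intent; an explicit idx < 0 test or an unsigned index type would make the lower bound visible in the code.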