From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 18 Sep 2023 18:34:42 +0000 (-0700)
Subject: bridge: fix potential snprintf overflow
X-Git-Tag: v6.6.0~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d80122ae82aea86cb740b5202f6c3fde6183538;p=thirdparty%2Fiproute2.git

bridge: fix potential snprintf overflow

There is a theoretical snprintf overflow in bridge slave bitmask
print code found by CodeQL scan.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---

diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c
index dc73c8657..3821923b5 100644
--- a/ip/iplink_bridge_slave.c
+++ b/ip/iplink_bridge_slave.c
@@ -100,13 +100,20 @@ static void _bitmask2str(__u16 bitmask, char *dst, size_t dst_size,
 	int len, i;
 
 	for (i = 0, len = 0; bitmask; i++, bitmask >>= 1) {
+		int n;
+
 		if (bitmask & 0x1) {
 			if (tbl[i])
-				len += snprintf(dst + len, dst_size - len, "%s,",
+				n = snprintf(dst + len, dst_size - len, "%s,",
 						tbl[i]);
 			else
-				len += snprintf(dst + len, dst_size - len, "0x%x,",
+				n = snprintf(dst + len, dst_size - len, "0x%x,",
 						(1 << i));
+
+			if (n < 0 || n >= dst_size - len)
+				break;
+
+			len += n;
 		}
 	}