From: Michał Łyszczek <michal.lyszczek@bofc.pl>
Date: Thu, 24 Oct 2019 21:20:43 +0000 (+0200)
Subject: rdma/sys.c: fix possible out-of-bound array access
X-Git-Tag: v5.4.0~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6749801b062c7f97fcf2ccebd592579b2a07efc0;p=thirdparty%2Fiproute2.git

rdma/sys.c: fix possible out-of-bound array access

netns_modes_str[] array has 2 elements, when netns_mode is 2,
condition (2 <= 2) will be true and `mode_str = netns_modes_str[2]'
will be executed, which will result in out-of-bound read.

Signed-off-by: Michał Łyszczek <michal.lyszczek@bofc.pl>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---

diff --git a/rdma/sys.c b/rdma/sys.c
index cef390818..1a434a25b 100644
--- a/rdma/sys.c
+++ b/rdma/sys.c
@@ -31,7 +31,7 @@ static int sys_show_parse_cb(const struct nlmsghdr *nlh, void *data)
 		netns_mode =
 			mnl_attr_get_u8(tb[RDMA_NLDEV_SYS_ATTR_NETNS_MODE]);
 
-		if (netns_mode <= ARRAY_SIZE(netns_modes_str))
+		if (netns_mode < ARRAY_SIZE(netns_modes_str))
 			mode_str = netns_modes_str[netns_mode];
 		else
 			mode_str = "unknown";