From 71fc9c046816b2bae564481741658defafc01b62 Mon Sep 17 00:00:00 2001
From: Rachid Koucha <47061324+Rachid-Koucha@users.noreply.github.com>
Date: Sun, 27 Jan 2019 00:10:39 +0100
Subject: [PATCH] Avoid risk of "too far memory read"

As we call "lxc_add_state_client(fd, handler, (lxc_state_t *)req->data)"
which supposes that the last parameter is a table of MAX_STATE
entries when calling memcpy():
memcpy(newclient->states, states, sizeof(newclient->states))

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
---
 src/lxc/commands.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index 392fdab2c..5f2e25b6d 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -896,7 +896,7 @@ static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
 	if (req->datalen < 0)
 		goto reap_client_fd;
 
-	if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE))
+	if (req->datalen != (sizeof(lxc_state_t) * MAX_STATE))
 		goto reap_client_fd;
 
 	if (!req->data)
-- 
2.47.2