From 92fea74bfe5186184d26c5bc89bd2d8f1895574b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Tue, 23 Feb 2021 22:08:48 +0100
Subject: [PATCH] af_unix: prevent oob writes

Fixes: Coverity 1473309
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/af_unix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 526e38ad0..747e68820 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -218,7 +218,7 @@ again:
 			 * which exceeds the kernel limit we know about so
 			 * close them and return an error.
 			 */
-			if (num_raw > KERNEL_SCM_MAX_FD) {
+			if (num_raw >= KERNEL_SCM_MAX_FD) {
 				for (idx = 0; idx < num_raw; idx++)
 					close(fds_raw[idx]);
 
-- 
2.47.3