networkd-ndisc: add assert for DNSSL allocation overflow safety

author Luca Boccassi <luca.boccassi@gmail.com>

Sat, 28 Mar 2026 21:19:14 +0000 (21:19 +0000)

committer Luca Boccassi <luca.boccassi@gmail.com>

Mon, 30 Mar 2026 08:37:31 +0000 (09:37 +0100)
author Luca Boccassi <luca.boccassi@gmail.com>
Sat, 28 Mar 2026 21:19:14 +0000 (21:19 +0000)
committer Luca Boccassi <luca.boccassi@gmail.com>
Mon, 30 Mar 2026 08:37:31 +0000 (09:37 +0100)
diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c

index 93965f52536ec1e8bcd1e3e0a94ff2b8fa2d7cf4..e6b03c0826cad1b61b83882ac2b3cf0c6bf4fd35 100644 (file)
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -1909,6 +1909,8 @@ static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt, bool zero
                  _cleanup_free_ NDiscDNSSL *s = NULL;
                  NDiscDNSSL *dnssl;
  
+                /* Silence static analyzers */
+                assert(strlen(*j) <= SIZE_MAX - ALIGN(sizeof(NDiscDNSSL)) - 1);
                  s = malloc0(ALIGN(sizeof(NDiscDNSSL)) + strlen(*j) + 1);
                  if (!s)
                          return log_oom();
author	Luca Boccassi <luca.boccassi@gmail.com>
	Sat, 28 Mar 2026 21:19:14 +0000 (21:19 +0000)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Mon, 30 Mar 2026 08:37:31 +0000 (09:37 +0100)