| From b0dc561f16d92d259579ac4dae8f17b402a91be5 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Sat, 28 Mar 2020 14:56:55 +0300 |
| Subject: net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' |
| |
| From: Fedor Tokarev <ftokarev@gmail.com> |
| |
| [ Upstream commit 118917d696dc59fd3e1741012c2f9db2294bed6f ] |
| |
| Fix off-by-one issues in 'rpc_ntop6': |
| - 'snprintf' returns the number of characters which would have been |
| written if enough space had been available, excluding the terminating |
| null byte. Thus, a return value of 'sizeof(scopebuf)' means that the |
| last character was dropped. |
| - 'strcat' adds a terminating null byte to the string, thus if len == |
| buflen, the null byte is written past the end of the buffer. |
| |
| Signed-off-by: Fedor Tokarev <ftokarev@gmail.com> |
| Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| net/sunrpc/addr.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| diff --git a/net/sunrpc/addr.c b/net/sunrpc/addr.c |
| index 2e0a6f92e563d..8391c27855501 100644 |
| --- a/net/sunrpc/addr.c |
| +++ b/net/sunrpc/addr.c |
| @@ -81,11 +81,11 @@ static size_t rpc_ntop6(const struct sockaddr *sap, |
| |
| rc = snprintf(scopebuf, sizeof(scopebuf), "%c%u", |
| IPV6_SCOPE_DELIMITER, sin6->sin6_scope_id); |
| - if (unlikely((size_t)rc > sizeof(scopebuf))) |
| + if (unlikely((size_t)rc >= sizeof(scopebuf))) |
| return 0; |
| |
| len += rc; |
| - if (unlikely(len > buflen)) |
| + if (unlikely(len >= buflen)) |
| return 0; |
| |
| strcat(buf, scopebuf); |
| -- |
| 2.25.1 |
| |
