diff options
author | Fedor Tokarev | 2020-03-28 14:56:55 +0300 |
---|---|---|
committer | Anna Schumaker | 2020-05-27 10:08:26 -0400 |
commit | 118917d696dc59fd3e1741012c2f9db2294bed6f (patch) | |
tree | eaa2fe131df0726d0cd0c0c94387d75ded15849f | |
parent | 00a7a00e2d2fc2ebbaf2c3ef25427ae13e0f94da (diff) |
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
Fix off-by-one issues in 'rpc_ntop6':
- 'snprintf' returns the number of characters which would have been
written if enough space had been available, excluding the terminating
null byte. Thus, a return value of 'sizeof(scopebuf)' means that the
last character was dropped.
- 'strcat' adds a terminating null byte to the string, thus if len ==
buflen, the null byte is written past the end of the buffer.
Signed-off-by: Fedor Tokarev <ftokarev@gmail.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
-rw-r--r-- | net/sunrpc/addr.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/sunrpc/addr.c b/net/sunrpc/addr.c index 8b4d72b1a066..010dcb876f9d 100644 --- a/net/sunrpc/addr.c +++ b/net/sunrpc/addr.c @@ -82,11 +82,11 @@ static size_t rpc_ntop6(const struct sockaddr *sap, rc = snprintf(scopebuf, sizeof(scopebuf), "%c%u", IPV6_SCOPE_DELIMITER, sin6->sin6_scope_id); - if (unlikely((size_t)rc > sizeof(scopebuf))) + if (unlikely((size_t)rc >= sizeof(scopebuf))) return 0; len += rc; - if (unlikely(len > buflen)) + if (unlikely(len >= buflen)) return 0; strcat(buf, scopebuf); |