[iproute2] iproute_lwtunnel: fix array boundary check

Commit Message

Andrea Claudi May 29, 2023, 9:42 p.m. UTC

seg6_mode_types is made up of 5 elements, so ARRAY_SIZE(seg6_mode_types)
evaluates to 5. Thus, when mode = 5, this function returns
seg6_mode_types[5], resulting in an out-of-bound access.

Fix this bailing out when mode is equal to or greater than 5.

Fixes: cf87da417bb4 ("iproute: add support for seg6 l2encap mode")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
---
 ip/iproute_lwtunnel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org May 30, 2023, 7:30 p.m. UTC | #1

Hello:

This patch was applied to iproute2/iproute2.git (main)
by Stephen Hemminger <stephen@networkplumber.org>:

On Mon, 29 May 2023 23:42:16 +0200 you wrote:
> seg6_mode_types is made up of 5 elements, so ARRAY_SIZE(seg6_mode_types)
> evaluates to 5. Thus, when mode = 5, this function returns
> seg6_mode_types[5], resulting in an out-of-bound access.
> 
> Fix this bailing out when mode is equal to or greater than 5.
> 
> Fixes: cf87da417bb4 ("iproute: add support for seg6 l2encap mode")
> Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
> 
> [...]

Here is the summary with links:
  - [iproute2] iproute_lwtunnel: fix array boundary check
    https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1cf50a1f2723

You are awesome, thank you!

Patch

diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c
index 96de3b20..94985972 100644
--- a/ip/iproute_lwtunnel.c
+++ b/ip/iproute_lwtunnel.c
@@ -140,7 +140,7 @@  static const char *seg6_mode_types[] = {
 
 static const char *format_seg6mode_type(int mode)
 {
-	if (mode < 0 || mode > ARRAY_SIZE(seg6_mode_types))
+	if (mode < 0 || mode >= ARRAY_SIZE(seg6_mode_types))
 		return "<unknown>";
 
 	return seg6_mode_types[mode];