HomeFreeBSD
Diffusion FreeBSD src repository 23827a4ca1fb

Fix: Array bounds read in zprop_print_one_property()
23827a4ca1fb
Actions

Description

Fix: Array bounds read in zprop_print_one_property()

If the loop index i comes to (ZFS_GET_NCOLS - 1), the cbp->cb_columns[i + 1]
actually read the data of cbp->cb_colwidths[0], which means the array
subscript is above array bounds.

Luckily the cbp->cb_colwidths[0] is always 0 and it seems we haven't
looped enough times to exceed the array bounds so far, but it's really
a secluded risk someday.

Signed-off-by: GeLiXin <ge.lixin@zte.com.cn>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #5003

Details

Provenance
GeLiXin <ge.lixin@zte.com.cn>Authored on Aug 22 2016, 3:20 AM
Brian Behlendorf <behlendorf1@llnl.gov>Committed on Aug 22 2016, 5:23 PM
Parents
rG9cc1844a1dab: Linux compat: Grsecurity kernel
Branches
Unknown
Tags
Unknown

Event Timeline

Brian Behlendorf <behlendorf1@llnl.gov> committed rG23827a4ca1fb: Fix: Array bounds read in zprop_print_one_property() (authored by GeLiXin <ge.lixin@zte.com.cn>).Aug 22 2016, 5:23 PM

Changes (1)

PathSize
lib/
libzfs/

rG23827a4ca1fb

View Options

lib/libzfs/libzfs_util.c

Loading...