From f4d052d7b210612a7ffbdd7c3cfbce213c9a0e21 Mon Sep 17 00:00:00 2001 From: liuchao173 Date: Fri, 8 Nov 2019 08:47:43 +0000 Subject: [PATCH] irqbalance: fix strcat may cause buffer overrun when the sum length of irq_name and saveptr is more than PATH_MAX, strcat will cause buffer overrun --- procinterrupts.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/procinterrupts.c b/procinterrupts.c index 373d8b5..0b24b56 100644 --- a/procinterrupts.c +++ b/procinterrupts.c @@ -205,6 +205,7 @@ static void init_irq_class_and_type(char *savedline, struct irq_info *info, int int is_xen_dyn = 0; #ifdef AARCH64 char *tmp = NULL; + char irq_fullname_valid = 1; char irq_fullname[PATH_MAX] = {0}; #endif @@ -236,12 +237,16 @@ static void init_irq_class_and_type(char *savedline, struct irq_info *info, int if (tmp) *tmp = 0; - strcat(irq_fullname, irq_name); - strcat(irq_fullname, " "); - strcat(irq_fullname, savedptr); - tmp = strchr(irq_fullname, '\n'); - if (tmp) - *tmp = 0; + if (strlen(irq_name) + strlen(savedptr) + 1 < PATH_MAX) { + strcat(irq_fullname, irq_name); + strcat(irq_fullname, " "); + strcat(irq_fullname, savedptr); + tmp = strchr(irq_fullname, '\n'); + if (tmp) + *tmp = 0; + } else { + irq_fullname_valid = 0; + } #endif irq_mod = last_token; info->irq = irq; @@ -251,8 +256,13 @@ static void init_irq_class_and_type(char *savedline, struct irq_info *info, int info->class = IRQ_VIRT_EVENT; } else { #ifdef AARCH64 - irq_name = irq_fullname; - guess_arm_irq_hints(irq_name, info); + if (irq_fullname_valid) { + irq_name = irq_fullname; + guess_arm_irq_hints(irq_name, info); + } else { + info->type = IRQ_TYPE_LEGACY; + info->class = IRQ_OTHER; + } #else info->type = IRQ_TYPE_LEGACY; info->class = IRQ_OTHER; -- 2.19.1