irqbalance/bugfix-fix-strcat-may-cause-buffer-overrun.patch

From f4d052d7b210612a7ffbdd7c3cfbce213c9a0e21 Mon Sep 17 00:00:00 2001
From: liuchao173 <liuchao173@huawei.com>
Date: Fri, 8 Nov 2019 08:47:43 +0000
Subject: [PATCH] irqbalance: fix strcat may cause buffer overrun

when the sum length of irq_name and saveptr is more than PATH_MAX, strcat will cause buffer overrun
---
 procinterrupts.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/procinterrupts.c b/procinterrupts.c
index 373d8b5..0b24b56 100644
--- a/procinterrupts.c
+++ b/procinterrupts.c
@@ -205,6 +205,7 @@ static void init_irq_class_and_type(char *savedline, struct irq_info *info, int
 	int	is_xen_dyn = 0;
 #ifdef AARCH64
 	char *tmp = NULL;
+	char irq_fullname_valid = 1;
 	char irq_fullname[PATH_MAX] = {0};
 #endif
 
@@ -236,12 +237,16 @@ static void init_irq_class_and_type(char *savedline, struct irq_info *info, int
 	if (tmp)
 		*tmp = 0;
 
-	strcat(irq_fullname, irq_name);
-	strcat(irq_fullname, " ");
-	strcat(irq_fullname, savedptr);
-	tmp = strchr(irq_fullname, '\n');
-	if (tmp)
-		*tmp = 0;
+	if (strlen(irq_name) + strlen(savedptr) + 1 < PATH_MAX) {
+		strcat(irq_fullname, irq_name);
+		strcat(irq_fullname, " ");
+		strcat(irq_fullname, savedptr);
+		tmp = strchr(irq_fullname, '\n');
+		if (tmp)
+			*tmp = 0;
+	} else {
+		irq_fullname_valid = 0;
+	}
 #endif
 	irq_mod = last_token;
 	info->irq = irq;
@@ -251,8 +256,13 @@ static void init_irq_class_and_type(char *savedline, struct irq_info *info, int
 		info->class = IRQ_VIRT_EVENT;
 	} else {
 #ifdef AARCH64
-		irq_name = irq_fullname;
-		guess_arm_irq_hints(irq_name, info);
+		if (irq_fullname_valid) {
+			irq_name = irq_fullname;
+			guess_arm_irq_hints(irq_name, info);
+		} else {
+			info->type = IRQ_TYPE_LEGACY;
+			info->class = IRQ_OTHER;
+		}
 #else
 		info->type = IRQ_TYPE_LEGACY;
 		info->class = IRQ_OTHER;
-- 
2.19.1