[8/8] trace-cmd record: Check the length of the protocol version received

Message ID 20241029080117.625177-9-jmarchan@redhat.com (mailing list archive)
State Accepted
Commit 969c36d2e34702ad303add42e17f48285ecbacb2
Series trace-cmd: fix misc issues found by static analysis

Commit Message

Jerome Marchand Oct. 29, 2024, 8:01 a.m. UTC
In check_protocol_version we compare the protocol version string with
the expected one ("V3") with memcmp(). The received string could be
longer than the constant string used for the comparison. That could
lead to out of range access.

Use the known length of the fixed "V3" string for the comparison and
check that the received protocol version is not too short.

Fixes an OVERRUN error (CWE-119)

Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
---
 tracecmd/trace-record.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/tracecmd/trace-record.c b/tracecmd/trace-record.c
index 7e84e897..6e9b4535 100644
--- a/tracecmd/trace-record.c
+++ b/tracecmd/trace-record.c
@@ -3811,7 +3811,7 @@  static void check_protocol_version(struct tracecmd_msg_handle *msg_handle)
 		msg_handle->version = V1_PROTOCOL;
 		tracecmd_plog("Use the v1 protocol\n");
 	} else {
-		if (memcmp(buf, "V3", n) != 0)
+		if (n < 3 || memcmp(buf, "V3", 3) != 0)
 			die("Cannot handle the protocol %s", buf);
 		/* OK, let's use v3 protocol */
 		write(fd, V3_MAGIC, sizeof(V3_MAGIC));
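
Review bot: the bare 3 in `n < 3 || memcmp(buf, "V3", 3)` is sizeof("V3") with the terminating NUL counted, and nothing in the line says so. Writing both occurrences as sizeof("V3"), the way the write() two lines below uses sizeof(V3_MAGIC), would keep the length tied to the literal and make it clear that the NUL is compared on purpose. Separately, the die() on the next line still formats buf with %s, and it is now reached when n < 3. The hunk does not show buf being NUL-terminated after the read, so it is worth confirming that it is, or bounding the print with "%.*s" and n.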