From: paco <paco@voltanet.io>
Date: Fri, 22 Jun 2018 15:14:57 +0000 (+0200)
Subject: zebra: untrusted array index (2) (Coverity 1470113)
X-Git-Tag: frr-6.1-dev~244^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=45981fda0634f7277c27c2a55e30d7f3433ffa16;p=matthieu%2Ffrr.git

zebra: untrusted array index (2) (Coverity 1470113)

This is a correction over 7f61ea7bd47bfd86a2c873870507281b1837dcdd in order
to avoid the TAINTED_SCALAR Coverity warning (ending in "Untrusted array
index read"). This is equivalent to the previous commit, but avoiding
pointer arithmetic with tainted variables.

Signed-off-by: F. Aragon <paco@voltanet.io>
---

diff --git a/zebra/zebra_netns_notify.c b/zebra/zebra_netns_notify.c
index 5feb87b59d..a391f8343f 100644
--- a/zebra/zebra_netns_notify.c
+++ b/zebra/zebra_netns_notify.c
@@ -212,7 +212,9 @@ static int zebra_ns_notify_read(struct thread *t)
 			continue;
 		if (event->mask & IN_DELETE)
 			return zebra_ns_delete(event->name);
-		if (&event->name[event->len] >= &buf[sizeof(buf)]) {
+
+		if (offsetof(struct inotify_event, name) + event->len
+		    >= sizeof(buf)) {
 			zlog_err("NS notify read: buffer underflow");
 			break;
 		}