Package: iproute2
Version: 4.15.0-3.1
Severity: normal
Tags: patch
Patch found upstream: https://www.spinics.net/lists/netdev/msg486801.html
When ss is invoked with the no-header flag, if the query doesn't return any result, render() is called with 'buffer' uninitialized. This currently leads to a segfault. Ensure that buffer is initialized before rendering. The bug can be triggered with: ss -H sport = 100000 Signed-off-by: Jean-Philippe Brucker <jphilippe.brucker@xxxxxxxxx> --- misc/ss.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/misc/ss.c b/misc/ss.c index e047f9c0..e087bef7 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -1197,10 +1197,15 @@ newline: /* Render buffered output with spacing and delimiters, then free up buffers */ static void render(int screen_width) { - struct buf_token *token = (struct buf_token *)buffer.head->data; + struct buf_token *token; int printed, line_started = 0; struct column *f; + if (!buffer.head) + return; + + token = (struct buf_token *)buffer.head->data; + /* Ensure end alignment of last token, it wasn't necessarily flushed */ buffer.tail->end += buffer.cur->len % 2; -- 2.16.2 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.15-1-pve (SMP w/8 CPU cores) Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8), LANGUAGE=de_AT:de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages iproute2 depends on: ii libc6 2.27-3 ii libdb5.3 5.3.28-13.1+b1 ii libelf1 0.170-0.4 ii libmnl0 1.0.4-2 ii libselinux1 2.7-2+b2 Versions of packages iproute2 recommends: ii libatm1 1:2.5.1-2 ii libxtables12 1.6.2-1 Versions of packages iproute2 suggests: pn iproute2-doc <none> -- no debconf information
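Review bot: The new `if (!buffer.head) return;` guard only catches the case where `head` is NULL, but the very next statement after it, `buffer.tail->end += buffer.cur->len % 2;`, dereferences `buffer.tail` and `buffer.cur` as well; the patch is only sufficient if those three pointers are always populated together, which should be stated in the commit message. Also, the commit message says `buffer` is "uninitialized", whereas a NULL test can only work when `buffer` is zero-initialized (i.e. static storage or explicitly cleared); consider rewording to "empty" or "never allocated" so the fix's precondition is clear to later readers.

The following is an added illustration, not code from iproute2 or from the patch author: a cut-down model of the `ss` output buffer (the names `buffer`, `buf_chunk`, `buf_token` and the helper `buf_add_token` are assumptions that mirror the hunk's naming, not the real layout in misc/ss.c). It shows why an empty query leaves `head` NULL and how a guarded `render()` handles that case while still emitting buffered tokens normally.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Keep tokens 2-byte aligned, as ss does with its `len % 2` adjustment. */
#define ALIGN2(x) (((x) + 1) & ~(size_t)1)

/* Assumption: stand-in for ss's buf_token (a length-prefixed string). */
struct buf_token {
    unsigned short len;
    char data[];
};

/* Assumption: stand-in for ss's buf_chunk (a fixed-size chunk of tokens). */
struct buf_chunk {
    struct buf_chunk *next;
    size_t len;          /* bytes of data[] in use */
    char data[256];
};

/* Assumption: stand-in for the static `buffer` object in ss.c.
 * Zero-initialised, so an empty query leaves head/tail/cur all NULL. */
struct buffer {
    struct buf_chunk *head;
    struct buf_chunk *tail;
    struct buf_chunk *cur;
};

/* Append one token; the first chunk is allocated lazily, which is why a
 * query with no matching sockets never sets buffer.head. */
static int buf_add_token(struct buffer *b, const char *s)
{
    size_t n = strlen(s);
    size_t need = ALIGN2(sizeof(struct buf_token) + n + 1);

    if (need > sizeof(((struct buf_chunk *)0)->data))
        return -1;
    if (!b->head) {
        struct buf_chunk *c = calloc(1, sizeof(*c));
        if (!c)
            return -1;
        b->head = b->tail = b->cur = c;
    }
    if (b->tail->len + need > sizeof(b->tail->data)) {
        struct buf_chunk *c = calloc(1, sizeof(*c));
        if (!c)
            return -1;
        b->tail->next = c;
        b->tail = b->cur = c;
    }
    struct buf_token *t = (struct buf_token *)(b->tail->data + b->tail->len);
    t->len = (unsigned short)n;
    memcpy(t->data, s, n + 1);      /* chunk is calloc'd, padding stays 0 */
    b->tail->len += need;
    return 0;
}

/* Guarded render: prints all buffered tokens, frees the chunks and returns
 * how many tokens were printed. Without the `if (!b->head)` check the
 * first dereference would be of a NULL pointer, which is the crash the
 * patch fixes; with it, an empty buffer simply renders nothing. */
static int render(struct buffer *b, FILE *out)
{
    int printed = 0;
    struct buf_chunk *c;

    if (!b->head)
        return 0;

    c = b->head;
    while (c) {
        struct buf_chunk *next = c->next;
        size_t off = 0;

        while (off < c->len) {
            struct buf_token *t = (struct buf_token *)(c->data + off);
            fprintf(out, "%s%s", printed ? " " : "", t->data);
            printed++;
            off += ALIGN2(sizeof(*t) + t->len + 1);
        }
        free(c);
        c = next;
    }
    fputc('\n', out);
    b->head = b->tail = b->cur = NULL;
    return printed;
}

/* Exercise both paths: an empty buffer (no crash, 0 tokens), then a
 * constructed three-token line, then the buffer is empty again. */
static int demo_render(void)
{
    struct buffer b = {0};
    int n;

    if (render(&b, stdout) != 0)
        return -1;
    if (buf_add_token(&b, "ESTAB") || buf_add_token(&b, "0") ||
        buf_add_token(&b, "127.0.0.1:22"))
        return -1;
    n = render(&b, stdout);
    if (render(&b, stdout) != 0)
        return -1;
    return n;
}

int main(void)
{
    return demo_render() == 3 ? 0 : 1;
}
```

The model keeps the lazy allocation that makes the bug possible: nothing is allocated until the first token, so the guard in `render()` is what turns "no results" into a clean no-op instead of a NULL dereference.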