Package: iproute2
Version: 4.15.0-3.1
Severity: normal
Tags: patch
Patch found upstream: https://www.spinics.net/lists/netdev/msg486801.html
When ss is invoked with the no-header flag, if the query doesn't return
any result, render() is called with 'buffer' uninitialized. This
currently leads to a segfault. Ensure that buffer is initialized before
rendering.
The bug can be triggered with: ss -H sport = 100000
Signed-off-by: Jean-Philippe Brucker <jphilippe.brucker@xxxxxxxxx>
---
misc/ss.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/misc/ss.c b/misc/ss.c
index e047f9c0..e087bef7 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -1197,10 +1197,15 @@ newline:
/* Render buffered output with spacing and delimiters, then free up buffers */
static void render(int screen_width)
{
- struct buf_token *token = (struct buf_token *)buffer.head->data;
+ struct buf_token *token;
int printed, line_started = 0;
struct column *f;
+ if (!buffer.head)
+ return;
+
+ token = (struct buf_token *)buffer.head->data;
+
/* Ensure end alignment of last token, it wasn't necessarily flushed */
buffer.tail->end += buffer.cur->len % 2;
--
2.16.2
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.15-1-pve (SMP w/8 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8),
LANGUAGE=de_AT:de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages iproute2 depends on:
ii libc6 2.27-3
ii libdb5.3 5.3.28-13.1+b1
ii libelf1 0.170-0.4
ii libmnl0 1.0.4-2
ii libselinux1 2.7-2+b2
Versions of packages iproute2 recommends:
ii libatm1 1:2.5.1-2
ii libxtables12 1.6.2-1
Versions of packages iproute2 suggests:
pn iproute2-doc <none>
-- no debconf information
