floppym 14/04/07 14:48:58 Added: 212-0001-sd-rtnl-fix-off-by-one.patch Log: Backport crashfix in networkd, bug 507044 by Alexander Tsoy. (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0BBEEA1FEA4843A4)
Revision Changes Path 1.1 sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/systemd/files/212-0001-sd-rtnl-fix-off-by-one.patch?rev=1.1&content-type=text/plain Index: 212-0001-sd-rtnl-fix-off-by-one.patch =================================================================== >From ef1a79119cc9cdeef03af17795e6a05459a0f3af Mon Sep 17 00:00:00 2001 From: Steven Siloti <[email protected]> Date: Sun, 30 Mar 2014 21:20:26 -0700 Subject: [PATCH] sd-rtnl: fix off-by-one To: [email protected] Also fix type parameter passed to new0 --- src/libsystemd/sd-rtnl/rtnl-message.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c index 84a8ffa..97ace2a 100644 --- a/src/libsystemd/sd-rtnl/rtnl-message.c +++ b/src/libsystemd/sd-rtnl/rtnl-message.c @@ -1073,11 +1073,11 @@ int rtnl_message_parse(sd_rtnl_message *m, unsigned short type; size_t *tb; - tb = (size_t *) new0(size_t *, max); + tb = new0(size_t, max + 1); if(!tb) return -ENOMEM; - *rta_tb_size = max; + *rta_tb_size = max + 1; for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) { type = rta->rta_type; -- 1.9.1
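Review bot: The `max + 1` in the `new0(size_t, max + 1)` call and again in `*rta_tb_size = max + 1` has no comment explaining why the table needs one slot more than `max`, and the expression is written out twice, so the two can drift apart in a later edit. Presumably `tb` is indexed by `rta->rta_type` for values from 0 through `max` inclusive; a one-line comment saying so, plus computing the count once and using it for both the allocation and `*rta_tb_size`, would make the fix harder to undo by accident. The hunk's context stops at `type = rta->rta_type;`, so it does not show whether `type` is checked against `max` before it is used as an index. Since that value comes from the parsed message, it is worth confirming the rest of the loop body has that check, because the larger allocation only covers types up to `max`.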
