From 2d3af1675ddffe3fd50a94ba5f91a13672d9e091 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 12 Apr 2017 10:10:44 -0700 Subject: [PATCH] netem: fix out of bounds access in maketable The maketable program used to generate one of the configuration files at build time for netem would access past the end of the array for one input value. This is a bug inherited from original NISTnet. Just fold the value, like other code there. This is not a runtime error security problem. It only impacts the build process if the build machine had extra hardening enabled. Signed-off-by: Stephen Hemminger --- netem/maketable.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/netem/maketable.c b/netem/maketable.c index dc505328..6aff927b 100644 --- a/netem/maketable.c +++ b/netem/maketable.c @@ -149,6 +149,8 @@ inverttable(int *table, int inversesize, int tablesize, int cumulative) inversevalue = (int)rint(findex*TABLEFACTOR); if (inversevalue <= MINSHORT) inversevalue = MINSHORT+1; if (inversevalue > MAXSHORT) inversevalue = MAXSHORT; + if (inverseindex >= inversesize) inverseindex = inversesize- 1; + inverse[inverseindex] = inversevalue; } return inverse;