From 7512851be160c7dbd04aa2197cad77d51a408c1c Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Thu, 3 Sep 2020 10:27:20 +0800 Subject: [PATCH] Fix: potential PCB buffer overflow on bsd systems (#941) --- rules/process_darwin.go | 4 ++-- rules/process_freebsd_amd64.go | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rules/process_darwin.go b/rules/process_darwin.go index 0ff8960d..1af828a9 100644 --- a/rules/process_darwin.go +++ b/rules/process_darwin.go @@ -127,8 +127,8 @@ func getExecPathFromAddress(metadata *C.Metadata) (string, error) { // rup8(sizeof(xtcpcb_n)) itemSize += 208 } - // skip the first and last xinpgen(24 bytes) block - for i := 24; i < len(buf)-24; i += itemSize { + // skip the first xinpgen(24 bytes) block + for i := 24; i+itemSize <= len(buf); i += itemSize { // offset of xinpcb_n and xsocket_n inp, so := i, i+104 diff --git a/rules/process_freebsd_amd64.go b/rules/process_freebsd_amd64.go index 40e7a5fc..05ab7c3f 100644 --- a/rules/process_freebsd_amd64.go +++ b/rules/process_freebsd_amd64.go @@ -95,7 +95,7 @@ func searchSocketPid(socket uint64) (uint32, error) { // struct xfile itemSize := 128 - for i := 0; i < len(buf); i += itemSize { + for i := 0; i+itemSize <= len(buf); i += itemSize { // xfile.xf_data data := binary.BigEndian.Uint64(buf[i+56 : i+64]) if data == socket { @@ -141,8 +141,8 @@ func getExecPathFromAddress(metadata *C.Metadata) (string, error) { buf := []byte(value) - // skip the first and last xinpgen(64 bytes) block - for i := 64; i < len(buf)-64; i += itemSize { + // skip the first xinpgen(64 bytes) block + for i := 64; i+itemSize <= len(buf); i += itemSize { inp := i + inpOffset srcPort := binary.BigEndian.Uint16(buf[inp+254 : inp+256])