netem: fix out of bounds access in maketable

The maketable program used to generate one of the configuration
files at build time for netem would access past the end of the array
for one input value. This is a bug inherited from original NISTnet.
Just fold the value, like other code there.

This is not a runtime error security problem.
It only impacts the build process if the build machine
had extra hardening enabled.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

diff --git a/netem/maketable.c b/netem/maketable.c
index dc505328579281b0eeb1dd956097b4aecbaa4b0b..6aff927be70400688ed6142e97388eec0f73369f 100644 (file)
--- a/netem/maketable.c
+++ b/netem/maketable.c
@@ -149,6 +149,8 @@ inverttable(int *table, int inversesize, int tablesize, int cumulative)
                inversevalue = (int)rint(findex*TABLEFACTOR);
                if (inversevalue <= MINSHORT) inversevalue = MINSHORT+1;
                if (inversevalue > MAXSHORT) inversevalue = MAXSHORT;
+               if (inverseindex >= inversesize) inverseindex = inversesize- 1;
+
                inverse[inverseindex] = inversevalue;
        }
        return inverse;