local_sendmsg: fix peer->lc_cfps[] array out-of-range write

When peer->lc_cfpcount == LOCAL_NCONTROLFDS, Line 122: peer->lc_cfps[peer->lc_cfpcount++] = filep2; access out-of-range Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
2023-10-12 14:50:17 +08:00 · 2023-10-12 14:50:17 +08:00 · 7a9aa9539c
commit 7a9aa9539c
parent ce16288494
1 changed files with 1 additions and 1 deletions
--- a/net/local/local_sendmsg.c
+++ b/net/local/local_sendmsg.c
@ -91,7 +91,7 @@ static int local_sendctl(FAR struct local_conn_s *conn,
      fds = (int *)CMSG_DATA(cmsg);
      count = (cmsg->cmsg_len - sizeof(struct cmsghdr)) / sizeof(int);
-      if (count + peer->lc_cfpcount > LOCAL_NCONTROLFDS)
+      if (count + peer->lc_cfpcount >= LOCAL_NCONTROLFDS)
        {
          ret = -EMFILE;
          goto fail;