Date:	03 Oct 2006 17:58:31 +0200
From:	Samuel Tardieu <sam@...1149.net>
To:	jt@....hp.com
Cc:	Valdis.Kletnieks@...edu,
	"John W. Linville" <linville@...driver.com>,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: 2.6.18-mm2 - oops in cache_alloc_refill()

>>>>> "Jean" == Jean Tourrilhes <jt@....hp.com> writes:

Jean> @@ -2500,9 +2501,9 @@ static int orinoco_hw_get_essid(struct o
Jean>  	len = le16_to_cpu(essidbuf.len);
Jean>  	BUG_ON(len > IW_ESSID_MAX_SIZE);
Jean>  
Jean> -	memset(buf, 0, IW_ESSID_MAX_SIZE+1);
Jean> +	memset(buf, 0, IW_ESSID_MAX_SIZE);
Jean>  	memcpy(buf, p, len);
Jean> -	buf[len] = '\0';
Jean> +	err = len;
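
Review bot: with `buf[len] = '\0'` removed and the memset shortened to IW_ESSID_MAX_SIZE, buf carries no terminator when len equals IW_ESSID_MAX_SIZE (which the BUG_ON above permits), so every caller has to use the length now passed back through `err = len` and must not treat buf as a C string. Please state that contract in a comment at the function and check the callers, since the hunk shows neither. Storing a length in a variable named err also needs a note on the return convention, because a caller that tests the result for non-zero as failure would misread a valid ESSID.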

Jean,

something bugs me here:

  - either buf is supposed to be a nul-terminated string, in which
    case if p is IW_ESSID_MAX_SIZE long there may be a bug (no '\0' at
    the end of buf)

  - or buf is not supposed to be nul-terminated and the length
    value will always be used, in which case the memset() looks
    useless

I suggest that you revert the memset() to IW_ESSID_MAX_SIZE+1 so that
the last byte is cleared as well. Or am I missing something?

 Sam
-- 
Samuel Tardieu -- sam@...1149.net -- http://www.rfc1149.net/
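
The two buffer contracts weighed in the message above, written out as an added C example (not part of the original post and not code from the orinoco driver). The function names, the buffer sizes and the ESSID_MAX value are assumptions made for the illustration, and an error return stands in for the BUG_ON.

```c
#include <stddef.h>
#include <string.h>

#define ESSID_MAX 32  /* assumed stand-in for IW_ESSID_MAX_SIZE */

/* Contract A (models the code before the patch): buf holds ESSID_MAX + 1
 * bytes and is always NUL-terminated, so it can be used as a C string. */
static int get_essid_cstr(char buf[ESSID_MAX + 1], const char *p, size_t len)
{
    if (len > ESSID_MAX)
        return -1;              /* reject instead of overflowing buf */
    memset(buf, 0, ESSID_MAX + 1);
    memcpy(buf, p, len);        /* buf[len] is already 0 from the memset */
    return 0;
}

/* Contract B (models the code after the patch): buf holds ESSID_MAX bytes,
 * has no terminator when full, and the length is the return value. */
static int get_essid_counted(char buf[ESSID_MAX], const char *p, size_t len)
{
    if (len > ESSID_MAX)
        return -1;
    memset(buf, 0, ESSID_MAX);
    memcpy(buf, p, len);
    return (int)len;
}

/* Bounded check for a consumer of contract B: never reads past ESSID_MAX
 * bytes; returns 1 if a NUL lies inside the buffer, else 0. */
static int has_terminator(const char *buf)
{
    return memchr(buf, '\0', ESSID_MAX) != NULL;
}

/* Constructed input: an ESSID of exactly ESSID_MAX bytes. Returns 1 when
 * A is terminated at a[ESSID_MAX] and B has no terminator at all. */
static int full_length_case(void)
{
    char essid[ESSID_MAX], a[ESSID_MAX + 1], b[ESSID_MAX];
    memset(essid, 'A', sizeof(essid));
    if (get_essid_cstr(a, essid, sizeof(essid)) != 0)
        return -1;
    int n = get_essid_counted(b, essid, sizeof(essid));
    return n == ESSID_MAX && strlen(a) == ESSID_MAX && !has_terminator(b);
}

int main(void) { return full_length_case() == 1 ? 0 : 1; }
```

Under contract B a consumer must carry the returned length alongside the buffer; calling strlen() or printing with "%s" on the full-length case reads past the end of buf.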
