lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 23 Nov 2011 10:16:20 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Karsten Keil <isdn@...ux-pingi.de>, netdev@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: [patch] isdn: make sure strings are null terminated

On Wed, Nov 23, 2011 at 08:03:31AM +0100, Eric Dumazet wrote:
> > +			if (strlen(dioctl.cf_ctrl.msn) >= sizeof(dioctl.cf_ctrl.msn))
> > +				return -EINVAL;
> 
> This looks buggy.
> 
> If string is not null terminated, how strlen() will stop you from going
> out of bounds, and trigger some run time checker ?
> 
> strnlen() would be more effective...
> 

Aw crap.  My first version used strnlen() and I redid it to be
simpler.  I just figured that it doesn't take long to hit a zeroed
u8.

I'll resend all three strlen() patches to use strnlen().

regards,
dan carpenter


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ