lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 17 Sep 2012 10:39:39 -0700
From:	Rick Jones <rick.jones2@...com>
To:	Ben Hutchings <bhutchings@...arflare.com>
CC:	Alan Cox <alan@...rguk.ukuu.org.uk>, netdev@...r.kernel.org
Subject: Re: [PATCH] ncm: allow for NULL terminations

On 09/17/2012 08:45 AM, Ben Hutchings wrote:
> On Mon, 2012-09-17 at 11:58 +0100, Alan Cox wrote:
>> From: Alan Cox <alan@...ux.intel.com>
>>
>> The strings are passed to snprintf so must be null terminated. It seems the
>> copy length is incorrectly set.
>
> Please use strlcpy() instead.  (I thought someone had already gone round
> the get_drvinfo implementations and fixed them to do that, actually.)

That may have been my "floor sweeping" exercise of before, but I didn't 
go into drivers/net/usb/ at the time.

rick

>
> Ben.
>
>> Signed-off-by: Alan Cox <alan@...ux.intel.com>
>> ---
>>
>>   drivers/net/usb/cdc_ncm.c |    6 +++---
>>   1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c
>> index 4cd582a..af8cce7 100644
>> --- a/drivers/net/usb/cdc_ncm.c
>> +++ b/drivers/net/usb/cdc_ncm.c
>> @@ -145,10 +145,10 @@ cdc_ncm_get_drvinfo(struct net_device *net, struct ethtool_drvinfo *info)
>>   {
>>   	struct usbnet *dev = netdev_priv(net);
>>
>> -	strncpy(info->driver, dev->driver_name, sizeof(info->driver));
>> -	strncpy(info->version, DRIVER_VERSION, sizeof(info->version));
>> +	strncpy(info->driver, dev->driver_name, sizeof(info->driver) - 1);
>> +	strncpy(info->version, DRIVER_VERSION, sizeof(info->version) - 1);
>>   	strncpy(info->fw_version, dev->driver_info->description,
>> -		sizeof(info->fw_version));
>> +		sizeof(info->fw_version) - 1);
>>   	usb_make_path(dev->udev, info->bus_info, sizeof(info->bus_info));
>>   }
>>
>>
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ