| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Nov 2012 20:17:51 +0800 From: Chen Gang <gang.chen@...anux.com> To: Florian Westphal <fw@...len.de> CC: Xue Ying <ying.xue0@...il.com>, David Miller <davem@...emloft.net>, Shan Wei <shanwei88@...il.com>, Eric Dumazet <eric.dumazet@...il.com>, netdev <netdev@...r.kernel.org> Subject: Re: [Suggestion] net/netfilter: strcpy for timeout->name 于 2012年11月21日 19:39, Florian Westphal 写道: > Chen Gang <gang.chen@...anux.com> wrote: >> Please help checking net/netfilter/nfnetlink_cttimeout.c: >> I suggest, we use strncpy instead of strcpy at line 143. >> just like we have already used strncmp at line 94. > [..] >> after checking the calling work flow: >> the length of nla_data(cda[CTA_TIMEOUT_NAME]) is not limited in server side. > > Good catch, classic buffer overflow. > > I've sent a patch to add the missing "len" policy. Thanks for reporting > this bug. thank you for your reply, too. regard gchen > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- Chen Gang Asianux Corporation -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists