| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Feb 2013 19:01:12 +0800
From: Chen Gang <gang.chen@...anux.com>
To: Jiri Slaby <jslaby@...e.cz>
CC: Jiri Kosina <jkosina@...e.cz>, isdn@...ux-pingi.de,
Greg KH <gregkh@...uxfoundation.org>, alan@...ux.intel.com,
netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH] drivers/isdn: checkng length to be sure not memory overflow
于 2013年02月28日 18:00, Jiri Slaby 写道:
> I don't think there are piles of people to care about ISDN much nowadays.
I don't think either.
(I found it through reading the source code, by search strncpy)
if this is quite minor:
I suggest to delete this module.
the reason is:
it can not provide contributes, any more.
but may give a chance to the hacker which want to make an attack.
:-)
> So we can
> close that it is correct to drop the rest of the buffer. In a hope that
> +M is not followed by text longer than 50-or-so chars.
can we be sure that "+M..." is no more than 100+ chars ?
(I guess the sizeof (isdn_ctrl.parm) is 80+, but less than 100)
if we can not be sure:
do we need check and limit the length ? (I prefer to give a check)
if the module will really be delete,
I still suggest to maintain previous versions (for security issue)
thanks.
--
Chen Gang
Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists