lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Apr 2015 08:33:32 +0300 From: Vadim Kochan <vadim4j@...il.com> To: netdev@...r.kernel.org Cc: Vadim Kochan <vadim4j@...il.com> Subject: [PATCH iproute2] tc util: Fix possible buffer overflow when print class id From: Vadim Kochan <vadim4j@...il.com> Use correct handle buffer length. Signed-off-by: Vadim Kochan <vadim4j@...il.com> --- tc/tc_util.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/tc/tc_util.c b/tc/tc_util.c index 1d3153d..dc2b70f 100644 --- a/tc/tc_util.c +++ b/tc/tc_util.c @@ -128,30 +128,31 @@ ok: return 0; } -int print_tc_classid(char *buf, int len, __u32 h) +int print_tc_classid(char *buf, int blen, __u32 h) { - char handle[40] = {}; + SPRINT_BUF(handle) = {}; + int hlen = SPRINT_BSIZE - 1; if (h == TC_H_ROOT) sprintf(handle, "root"); else if (h == TC_H_UNSPEC) - snprintf(handle, len, "none"); + snprintf(handle, hlen, "none"); else if (TC_H_MAJ(h) == 0) - snprintf(handle, len, ":%x", TC_H_MIN(h)); + snprintf(handle, hlen, ":%x", TC_H_MIN(h)); else if (TC_H_MIN(h) == 0) - snprintf(handle, len, "%x:", TC_H_MAJ(h) >> 16); + snprintf(handle, hlen, "%x:", TC_H_MAJ(h) >> 16); else - snprintf(handle, len, "%x:%x", TC_H_MAJ(h) >> 16, TC_H_MIN(h)); + snprintf(handle, hlen, "%x:%x", TC_H_MAJ(h) >> 16, TC_H_MIN(h)); if (use_names) { char clname[IDNAME_MAX] = {}; if (id_to_name(cls_names, h, clname)) - snprintf(buf, len, "%s#%s", clname, handle); + snprintf(buf, blen, "%s#%s", clname, handle); else - snprintf(buf, len, "%s", handle); + snprintf(buf, blen, "%s", handle); } else { - snprintf(buf, len, "%s", handle); + snprintf(buf, blen, "%s", handle); } return 0; -- 2.3.1 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists