| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 May 2015 09:33:43 +0300 From: Vadim Kochan <vadim4j@...il.com> To: "Guzman Mosqueda, Jose R" <jose.r.guzman.mosqueda@...el.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "shemminger@...l.org" <shemminger@...l.org> Subject: Re: Possible issue in iproute2 package Hi Jose, On Thu, May 28, 2015 at 09:12:15PM +0000, Guzman Mosqueda, Jose R wrote: > > Hi all > > I'm Jose Guzman from a security team at Intel. > We're using iproute2 in a GNU-Linux project and I'm analyzing the code > to try to find possible issues/gaps/risks. > Since I'm not too familiar with the package yet I have a question about > a particular piece of code that could result in a memory corruption: > > Version: 4.0.0 > File: misc/ss.c > Function: static void tcp_show_info(...) > Line: ~1903 > Description: There is a memory allocation for a "s.cong_alg" variable: > s.cong_alg = malloc(strlen(cong_attr + 1)); > The length is calculated about next position of the starting character. > But next line there is a copy of the whole content: > strcpy(s.cong_alg, cong_attr); > I think there is a mistake and it should be something like: > s.cong_alg = malloc(strlen(cong_attr) + 1); I think strdup can be used here. I will send a patch. Thank You! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists