lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 3 Jan 2016 09:04:04 -0800
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	Andreas Henriksson <andreas@...al.se>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH iproute2] arpd: drop unnecessary explicit null
 termination

On Sun,  3 Jan 2016 17:09:44 +0100
Andreas Henriksson <andreas@...al.se> wrote:

> This is a followup to a previous commit 61170fd88d264c
> "get rid of unnecessary fgets() buffer size limitation".
> 
> If fgets guarantees buffer will be null terminated in the
> given size, then we can also drop the explicit termination.
> 
> While at it, also add an unrelated FIXME comment about
> potential unlikely long comment handling bug spotted in
> nearby code.
> 
> Signed-off-by: Andreas Henriksson <andreas@...al.se>
> ---
>  misc/arpd.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/misc/arpd.c b/misc/arpd.c
> index 6bb9bd1..3be700d 100644
> --- a/misc/arpd.c
> +++ b/misc/arpd.c
> @@ -702,12 +702,16 @@ int main(int argc, char **argv)
>  			goto do_abort;
>  		}
>  
> -		buf[sizeof(buf)-1] = 0;
>  		while (fgets(buf, sizeof(buf), fp)) {
>  			__u8 b1[6];
>  			char ipbuf[128];
>  			char macbuf[128];
>  
> +			/* FIXME: this does not properly handle the case where
> +			 * the comment line is longer than sizeof(buf).
> +			 * Should check if buf contains '\n' or skip upcoming
> +			 * bufs until '\n' is found.
> +			 */
>  			if (buf[0] == '#')
>  				continue;
>  

Rather than adding a big FIXME, please fix the problem.

Easiest fix would be just increase sizeof(buf) to BUFSIZ (4k) which
should fix any rational use of the file.

Other alternatives would be to use fscanf or getline.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ