lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Aug 2017 09:30:35 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Phil Sutter' <phil@....cc>, Stephen Hemminger <stephen@...workplumber.org> CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: RE: [iproute PATCH v2 4/5] tc/tc_filter: Make sure filter name is not empty From: Phil Sutter > Sent: 17 August 2017 18:10 > The later check for 'k[0] != 0' requires a non-empty filter name, > otherwise NULL pointer dereference in 'q' might happen. > > Signed-off-by: Phil Sutter <phil@....cc> > --- > tc/tc_filter.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/tc/tc_filter.c b/tc/tc_filter.c > index b13fb9185d4fd..a799edb35886d 100644 > --- a/tc/tc_filter.c > +++ b/tc/tc_filter.c > @@ -412,6 +412,9 @@ static int tc_filter_get(int cmd, unsigned int flags, int argc, char **argv) > usage(); > return 0; > } else { > + if (!strlen(*argv)) > + invarg("invalid filter name", *argv); That is nearly as bad as: p[strlen(p)] = 0; > + > strncpy(k, *argv, sizeof(k)-1); > > q = get_filter_kind(k); > -- > 2.13.1
Powered by blists - more mailing lists