| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Dec 2017 11:05:29 -0500 (EST) From: David Miller <davem@...emloft.net> To: serhe.popovych@...il.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH net-next] dev: Correctly get length of alias string in dev_set_alias() From: Serhey Popovych <serhe.popovych@...il.com> Date: Mon, 18 Dec 2017 23:38:35 +0200 > We supply number of bytes available in @alias via @len > parameter to dev_set_alias() which is not the same > as zero terminated string length that can be shorter. > > Both dev_set_alias() users (rtnetlink and sysfs) can > submit number of bytes up to IFALIASZ with actual string > length slightly shorter by putting '\0' not at @len - 1. > > Use strnlen() to get length of zero terminated string > and not access beyond @len. Correct comment about @len > and explain how to unset alias (i.e. use zero for @len). > > Signed-off-by: Serhey Popovych <serhe.popovych@...il.com> I don't really see this as useful, really. In the sysfs case, we are not presented with a NULL terminated string. Instead, the net sysfs code gives us a length that goes up until the trailing newline character. The sysfs case is never larger than the actual string size + 1. The netlink attribute is usually sized appropriately for whatever the string length actually is. This therefore just seems to add an new strnlen() unnecessarily to this code path, which rarely does anything helpful. Thanks.
Powered by blists - more mailing lists