lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <18d709710608200747k3323b23cq70eb52fdb9032554@mail.gmail.com>
Date:	Sun, 20 Aug 2006 07:47:29 -0700
From:	"Julio Auto" <mindvortex@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: [PATCH] 2.6.17.9 Incorrect string length checking in param_set_copystring()

As for 2.6.17.9, linux/include/linux/moduleparam.h suggests the user
of module_param_string() to set the maxlen parameter to
strlen(string), ie. '\0' excluded. However the function that actually
sets the string (param_set_copystring()), doesn't accept inputs with
maxlen-1 characters, reporting that the supplied string should fit
maxlen-1 chars.
See patch below.
Cheers,

    Julio Auto

--- linux-2.6.17.9/kernel/params.c.old  2006-08-19 20:48:30.000000000 -0700
+++ linux-2.6.17.9/kernel/params.c      2006-08-19 20:49:15.000000000 -0700
@@ -351,9 +351,9 @@ int param_set_copystring(const char *val
 {
        struct kparam_string *kps = kp->arg;

-       if (strlen(val)+1 > kps->maxlen) {
+       if (strlen(val) > kps->maxlen) {
                printk(KERN_ERR "%s: string doesn't fit in %u chars.\n",
-                      kp->name, kps->maxlen-1);
+                      kp->name, kps->maxlen);
                return -ENOSPC;
        }
        strcpy(kps->string, val);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ