| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4A15848E.5030403@gmail.com> Date: Thu, 21 May 2009 18:42:54 +0200 From: Roel Kluin <roel.kluin@...il.com> To: Casey Schaufler <casey@...aufler-ca.com> CC: jmorris@...ei.org, lkml <linux-kernel@...r.kernel.org>, linux-security-module@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH] smack:beyond ARRAY_SIZE of data Do not go beyond ARRAY_SIZE of data Signed-off-by: Roel Kluin <roel.kluin@...il.com> --- >> - if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX) >> + if (count < SMK_NETLBLADDRMIN || count >= SMK_NETLBLADDRMAX) >> > > There is a problem here, but this won't fix it. The buffer needs to be > allocated bigger than the potential contents (should be > SMK_NETLBLADDRMAX + 1 instead of SMK_NETLBLADDRMAX. Your patch will clip > the last byte off of a maximum length specification. Ok, how about this? diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index e03a7e1..10a4604 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -775,7 +775,7 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf, struct sockaddr_in newname; char smack[SMK_LABELLEN]; char *sp; - char data[SMK_NETLBLADDRMAX]; + char data[SMK_NETLBLADDRMAX + 1]; char *host = (char *)&newname.sin_addr.s_addr; int rc; struct netlbl_audit audit_info; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists