lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 05 Jun 2014 09:10:40 +0200
From:	Bart Van Assche <bvanassche@....org>
To:	Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>,
	Anil Gurumurthy <anil.gurumurthy@...gic.com>,
	Sudarsana Kalluru <sudarsana.kalluru@...gic.com>
CC:	"James E.J. Bottomley" <JBottomley@...allels.com>,
	linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] scsi: bfa: bfad_attr.c:  Optimization of the Code

On 06/05/14 08:55, Bart Van Assche wrote:
> On 06/04/14 20:08, Rickard Strandqvist wrote:
> This is ugly. Please use sprintf(buf, "%.*s\n", PAGE_SIZE - 1, str)
> instead of strncpy() + strlen().

(replying to my own e-mail)

The above should of course have read "sprintf(buf, "%.*s\n", PAGE_SIZE -
2, str)" to avoid that the terminating '\0' triggers a buffer overflow.

Bart.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ