| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1502050376-23662-5-git-send-email-kys@exchange.microsoft.com>
Date: Sun, 6 Aug 2017 13:12:56 -0700
From: kys@...hange.microsoft.com
To: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
devel@...uxdriverproject.org, olaf@...fle.de, apw@...onical.com,
vkuznets@...hat.com, jasowang@...hat.com,
leann.ogasawara@...onical.com, marcelo.cerri@...onical.com,
sthemmin@...rosoft.com
Cc: Alex Ng <alexng@...sages.microsoft.com>,
"K. Y. Srinivasan" <kys@...rosoft.com>
Subject: [PATCH 5/5] Drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id
From: Alex Ng <alexng@...sages.microsoft.com>
There's a bug which passes the output buffer size as MAX_IP_ADDR_SIZE,
when converting the adapter_id field to UTF16. This is much larger than
the actual size (MAX_ADAPTER_ID_SIZE). Fix this by passing the proper
size.
Fortunately, the translation is limited by the length of the input. This
explains why we haven't seen output buffer overflow conditions.
Signed-off-by: Alex Ng <alexng@...sages.microsoft.com>
Signed-off-by: K. Y. Srinivasan <kys@...rosoft.com>
---
drivers/hv/hv_kvp.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c
index 9a90b91..5eed1e7 100644
--- a/drivers/hv/hv_kvp.c
+++ b/drivers/hv/hv_kvp.c
@@ -304,7 +304,7 @@ static int process_ob_ipinfo(void *in_msg, void *out_msg, int op)
strlen((char *)in->body.kvp_ip_val.adapter_id),
UTF16_HOST_ENDIAN,
(wchar_t *)out->kvp_ip_val.adapter_id,
- MAX_IP_ADDR_SIZE);
+ MAX_ADAPTER_ID_SIZE);
if (len < 0)
return len;
--
1.7.1
Powered by blists - more mailing lists