Message-ID: <7eb8f072-c4fe-92c9-a7ad-dda390b5f9db@kernel.org>
Date:   Wed, 13 Dec 2017 10:42:44 -0700
From:   Shuah Khan <shuah@...nel.org>
To:     Juan Zea <juan.zea@...del.com>, linux-usb@...r.kernel.org
Cc:     Valentina Manea <valentina.manea.m@...il.com>,
        linux-kernel@...r.kernel.org, Shuah Khan <shuahkh@....samsung.com>,
        Shuah Khan <shuah@...nel.org>
Subject: Re: [PATCH] usbip: fix usbip bind writing random string after command
 in match_busid

On 12/13/2017 04:07 AM, Juan Zea wrote:
> usbip bind writes commands followed by random string when writing to
> match_busid attribute in sysfs, caused by using full variable size
> instead of string length.
> 
> Signed-off-by: Juan Zea <juan.zea@...del.com>
> ---
>  tools/usb/usbip/src/utils.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/usb/usbip/src/utils.c b/tools/usb/usbip/src/utils.c
> index 2b3d6d2..ea1a1af 100644
> --- a/tools/usb/usbip/src/utils.c
> +++ b/tools/usb/usbip/src/utils.c
> @@ -42,7 +42,7 @@ int modify_match_busid(char *busid, int add)
>                 snprintf(command, SYSFS_BUS_ID_SIZE + 4, "del %s", busid);
>  
>         rc = write_sysfs_attribute(match_busid_attr_path, command,
> -                                  sizeof(command));
> +                                  strlen(command));
>         if (rc < 0) {
>                 dbg("failed to write match_busid: %s", strerror(errno));
>                 return -1;
> 
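
Review bot: strlen(command) in the write_sysfs_attribute() call is only correct because snprintf() always NUL-terminates, and the return value of the snprintf() call in the context line above is discarded, so a busid that does not fit in SYSFS_BUS_ID_SIZE + 4 bytes is silently truncated and a different bus id string is written to match_busid. Consider capturing the snprintf() return value, failing when it is negative or not smaller than the buffer size, and passing that checked value as the length. The return value must not be used unchecked, because on truncation it is the length that would have been written, which can exceed the buffer.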

Why not use the return value from snprintf() for length, instead of calling
strlen(command)?

thanks,
-- Shuah
