lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Fri, 23 Mar 2007 15:40:43 +0100
From:	Johannes Berg <johannes@...solutions.net>
To:	Thomas Graf <tgraf@...g.ch>
Cc:	netdev <netdev@...r.kernel.org>
Subject: Re: [RFC] remove NLA_STRING NUL trimming

On Fri, 2007-03-23 at 15:20 +0100, Thomas Graf wrote:

> It's not really removed, the trailing NUL is just ignored when checking
> the length of the attribute. 

Good point.

> This is needed for older netlink families
> where strings are not always NUL terminated, yet we still need to accept
> the additional byte needed in case it is present. This validation is
> strictly necessary, otherwise nla_strcmp() and others will fail.

Ok.

> > For wireless, we have a few places where we need to be able to accept
> > any (even binary) values, for example for the SSID; the SSID can validly
> > end with \0 and I'd still love to be able to take advantage of
> > NLA_STRING and .len = 32 so I don't need to check the length myself.
> > However, given the code above, an SSID with a terminating \0 would be
> > reduced by one character.
> 
> I suggest that you introduce NLA_BINARY which enforces a maximum length.

Alright, I'll post a patch in a bit.

johannes

Download attachment "signature.asc" of type "application/pgp-signature" (191 bytes)

Powered by blists - more mailing lists