| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20080424.211235.08123917.davem@davemloft.net> Date: Thu, 24 Apr 2008 21:12:35 -0700 (PDT) From: David Miller <davem@...emloft.net> To: virtualphtn@...il.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH net-2.6] tcp_probe buffer overflow and incorrect return value From: Tom Quetchenbach <virtualphtn@...il.com> Date: Thu, 24 Apr 2008 14:37:58 -0700 > tcp_probe has a bounds-checking bug that causes many programs (less, python) to > crash reading /proc/net/tcp_probe. When it outputs a log line to the reader, it > only checks if that line alone will fit in the reader's buffer, rather than that > line and all the previous lines it has already written. > > tcpprobe_read also returns the wrong value if copy_to_user fails--it just passes > on the return value of copy_to_user (number of bytes not copied), which makes a > failure look like a success. > > This patch fixes the buffer overflow and sets the return value to -EFAULT if > copy_to_user fails. > > Patch is against latest net-2.6; tested briefly and seems to fix the crashes in > less and python. > > Signed-off-by: Tom Quetchenbach <virtualphtn@...il.com> Thanks a lot for fixing this bug. I've applied this patch and I'll queue it up for -stable too. Thanks again. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists