| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Jun 2008 11:25:03 +0100
From: Ben Hutchings <bhutchings@...arflare.com>
To: Wang Chen <wangchen@...fujitsu.com>
Cc: "David S. Miller" <davem@...emloft.net>,
NETDEV <netdev@...r.kernel.org>
Subject: Re: [PATCH] netdevice: Fix wrong string handle in kernel command line parsing
Wang Chen wrote:
> 1. In netdev_boot_setup_add(), a long name will leak.
> ex. : dev=21,0x1234,0x1234,0x2345,eth123456789verylongname.........
> 2. In netdev_boot_setup_check(), mismatch will happen if s[i].name
> is a substring of dev->name.
> ex. : dev=...eth1 dev=...eth11
Well spotted, but...
> Signed-off-by: Wang Chen <wangchen@...fujitsu.com>
> ---
> diff --git a/net/core/dev.c b/net/core/dev.c
> index c421a1f..9ecb3db 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -454,7 +454,7 @@ static int netdev_boot_setup_add(char *name, struct ifmap *map)
> for (i = 0; i < NETDEV_BOOT_SETUP_MAX; i++) {
> if (s[i].name[0] == '\0' || s[i].name[0] == ' ') {
> memset(s[i].name, 0, sizeof(s[i].name));
> - strcpy(s[i].name, name);
> + strncpy(s[i].name, name, IFNAMSIZ);
I think that strncpy() should be strlcpy(), because strncpy() does not
ensure null-termination.
Ben.
--
Ben Hutchings, Senior Software Engineer, Solarflare Communications
Not speaking for my employer; that's the marketing department's job.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists