lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Nov 2009 09:51:28 +0200 From: Patroklos Argyroudis <argp@...sus-labs.com> To: Chuck Lever <chuck.lever@...cle.com> Cc: bugzilla-daemon@...zilla.kernel.org, bugme-daemon@...zilla.kernel.org, Linux Network Developers <netdev@...r.kernel.org>, "J. Bruce Fields" <bfields@...ldses.org>, Trond Myklebust <trond.myklebust@....uio.no>, Neil Brown <neilb@...e.de>, Andrew Morton <akpm@...ux-foundation.org>, Linux NFS Mailing list <linux-nfs@...r.kernel.org> Subject: Re: [Bugme-new] [Bug 14546] New: Off-by-two stack buffer overflow in function rpc_uaddr2sockaddr() of net/sunrpc/addr.c On Nov 10, 2009, at 6:29 PM, Andrew Morton wrote: > > > >Please don't submit patches via bugzilla. > > > >Please prepare this patch as per Documentation/SubmittingPatches and > >email it to all the recipients of this email, thanks. Ok, I will do so. On Tue, Nov 10, 2009 at 06:38:05PM -0500, Chuck Lever wrote: > Why wouldn't you bump the size of the buffer by two as well? > Otherwise valid universal addresses that are RPCBIND_MAXUADDRLEN > bytes long will fail here. > > > memcpy(buf, uaddr, uaddr_len); There is no need to increase the size of the buffer since the new check (if (uaddr_len > sizeof(buf) - 2)) will terminate the function in case the valid universal address is RPCBIND_MAXUADDRLEN bytes. Cheers, Patroklos -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists