| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111017082307.46a994a8@nehalam.linuxnetplumber.net>
Date: Mon, 17 Oct 2011 08:23:07 -0700
From: Stephen Hemminger <shemminger@...tta.com>
To: Bin Li <libin.charles@...il.com>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH] iproute2: Conforming to -D_FORTIFY_SOURCE=2
restrictions
On Mon, 17 Oct 2011 15:35:35 +0800
Bin Li <libin.charles@...il.com> wrote:
> (gdb) l
> 161 len = slen;
> 162 if (len > 0) {
> 163 if (len > max)
> 164 invarg("\"ALGOKEY\" makes buffer
> overflow\n", key);
> 165
> 166 strncpy(buf, key, len);
> 167 }
> 168 }
> 169
> 170 alg->alg_key_len = len * 8;
> (gdb) up
> #8 xfrm_state_modify (cmd=<optimized out>, flags=<optimized out>, argc=1,
> argv=0x7fffffffe370) at xfrm_state.c:406
> 406 xfrm_algo_parse((void *)&alg, type,
> name, key,
>
> the compiler passes zero to __builtin___strncpy_chk as the buffer size.
> xfrm_algo_parse is inlined into xfrm_state_modify.
I don't understand, looks like a compiler bug. Call strncpy with
0 length should not be possible since the check was 3 lines
before for len > 0.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists