| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AE90C24D6B3A694183C094C60CF0A2F6D8AEE0@saturn3.aculab.com> Date: Thu, 24 Nov 2011 12:30:00 -0000 From: "David Laight" <David.Laight@...LAB.COM> To: <wharms@....de>, "Dan Carpenter" <dan.carpenter@...cle.com> Cc: "Karsten Keil" <isdn@...ux-pingi.de>, <netdev@...r.kernel.org>, <kernel-janitors@...r.kernel.org> Subject: RE: [patch] isdn: make sure strings are null terminated > >>> + if (strlen(dioctl.cf_ctrl.msn) >= sizeof(dioctl.cf_ctrl.msn)) > >>> + return -EINVAL; ... > So far i see you do not get a string, you get a structure. And > it will hard to validate the element is a useful string. > I think my (sledgehammer) method is ok here because you > make sure that all later calls (strcmp,strcpy) will succeed. > If someone supplies a bad string the later calls will catch > by failing to identify and return a proper code from there > (at least i hope so). > > re, > wh Except that the strlen() can run right off the end of the structure - and might eventually fault. You need to use something like strnlen(). David -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists