lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120302100128.GA12266@1984>
Date:	Fri, 2 Mar 2012 11:01:28 +0100
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	David Laight <David.Laight@...LAB.COM>
Cc:	santosh nayak <santoshprasadnayak@...il.com>,
	bart.de.schuymer@...dora.be, kaber@...sh.net,
	shemminger@...tta.com, davem@...emloft.net, netdev@...r.kernel.org,
	netfilter-devel@...r.kernel.org, linux-kernel@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Subject: Re: Resend [PATCH] netfilter: Fix copy_to_user too small size
 parametre.

On Fri, Mar 02, 2012 at 09:05:10AM -0000, David Laight wrote:
>  
> > -	if (copy_to_user(hlp, m->u.match->name, 
> > EBT_FUNCTION_MAXNAMELEN))
> > +	char name[EBT_FUNCTION_MAXNAMELEN] = {};
> > +
> > +	strncpy(name, m->u.match->name, sizeof(name));
> > +	if (copy_to_user(hlp, name, EBT_FUNCTION_MAXNAMELEN))
> >  		return -EFAULT;
> 
> strncpy() is very rarely the function you are looking for.
> In this case it MIGHT be right (since you do a fixed size
> copy_to_user).
> OTOH there is no need to also initialise name[].

We have to make sure that array is filled with zeros for the gap
between byte 29 and byte 32 due to backward compatibility issues.

I'll mangle the patch to add some comment close to strncpy and to
explain the way we're doing this.

> And it isn't entirely clear whether the application
> is allowed to be given a non-terminated string.

Match names are 29 bytes long, while ebtables expects 32 bytes. So
we're copying less bytes.

We can add the final \0 if you feel more confortable, but that string
is going to be null-terminated the way the code look now.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ