Message-ID: <AE90C24D6B3A694183C094C60CF0A2F6026B6EE2@saturn3.aculab.com>
Date: Wed, 18 Apr 2012 09:17:26 +0100
From: "David Laight" <David.Laight@...LAB.COM>
To: "Carlos O'Donell" <carlos@...temhalted.org>,
"David Miller" <davem@...emloft.net>
Cc: <mtk.manpages@...il.com>, <netdev@...r.kernel.org>,
<penguin-kernel@...ove.sakura.ne.jp>, <linux-api@...r.kernel.org>,
<yoshfuji@...ux-ipv6.org>, <jengelh@...ozas.de>, <w@....eu>,
<alan@...rguk.ukuu.org.uk>
Subject: RE: [patch] Fix handling of overlength pathname in AF_UNIX sun_path
>
> Why not have:
>
> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index d510353..f9f77a7 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.c
> @@ -216,6 +216,9 @@ static int unix_mkname(struct sockaddr_un
> *sunaddr, int len, unsigned *hashp)
> */
> ((char *)sunaddr)[len] = 0;
> len = strlen(sunaddr->sun_path)+1+sizeof(short);
> + /* No null terminator was found in the path. */
> + if (len > sizeof(*sunaddr))
> + return -EINVAL;
> return len;
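Review bot: The added `if (len > sizeof(*sunaddr))` test sits after `strlen(sunaddr->sun_path)`, so it rejects the result only once the scan has already run and does nothing to bound the scan itself. In the lines shown, the scan's stopping point depends on the `((char *)sunaddr)[len] = 0;` store in the context above, and nothing in this hunk shows `len` being checked against the buffer size before that store. Suggest locating the terminator with a bounded search (memchr() or strnlen() over sizeof(sunaddr->sun_path)) and returning -EINVAL when none is found, before the new length is computed. As a style point, the comment says no terminator was found while the condition compares a length built from sizeof(short) against sizeof(*sunaddr); stating the header size as offsetof(struct sockaddr_un, sun_path) would make the intent easier to check.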
That could generate a kernel page fault!
(Depending on what follows (or rather doesn't follow!) sun_path.)
You'd need to use memchr() not strlen().
David
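A user-space illustration of the bounded search suggested in the reply above, added here as an example; it is not kernel code and not a patch from this thread. `checked_sun_len` and `demo` are hypothetical names, and the sample addresses are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not kernel code): validate a pathname AF_UNIX
 * address of addrlen bytes. Returns the address length including the
 * terminating NUL, or -1 if the address is malformed or the path has no
 * terminator inside the bytes the caller actually supplied. */
static int checked_sun_len(const struct sockaddr_un *sa, size_t addrlen)
{
    const size_t hdr = offsetof(struct sockaddr_un, sun_path);
    const char *nul;

    if (addrlen <= hdr || addrlen > sizeof(*sa))
        return -1;
    if (sa->sun_family != AF_UNIX)
        return -1;
    /* memchr() reads at most addrlen - hdr bytes; strlen() would keep
     * reading until it happens to meet a zero byte. */
    nul = memchr(sa->sun_path, '\0', addrlen - hdr);
    if (nul == NULL)
        return -1;                  /* overlength: no terminator in range */
    return (int)(hdr + (size_t)(nul - sa->sun_path) + 1);
}

/* Constructed samples: sun_path either completely filled with 'A'
 * (no NUL anywhere) or holding the terminated path "/tmp/sock". */
static int demo(int terminated)
{
    struct sockaddr_un sa;

    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    if (terminated)
        strcpy(sa.sun_path, "/tmp/sock");
    else
        memset(sa.sun_path, 'A', sizeof(sa.sun_path));
    return checked_sun_len(&sa, sizeof(sa));
}

int main(void)
{
    printf("unterminated: %d\nterminated: %d\n", demo(0), demo(1));
    return 0;
}
```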