| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <512F5F14.6070801@suse.cz> Date: Thu, 28 Feb 2013 14:43:48 +0100 From: Jiri Slaby <jslaby@...e.cz> To: Chen Gang <gang.chen@...anux.com> CC: Jiri Kosina <jkosina@...e.cz>, isdn@...ux-pingi.de, Greg KH <gregkh@...uxfoundation.org>, alan@...ux.intel.com, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH] drivers/isdn: checkng length to be sure not memory overflow On 02/28/2013 12:01 PM, Chen Gang wrote: > 于 2013年02月28日 18:00, Jiri Slaby 写道: >> I don't think there are piles of people to care about ISDN much nowadays. > > I don't think either. > (I found it through reading the source code, by search strncpy) > > if this is quite minor: > I suggest to delete this module. Nah, there *are* still people using ISDN. >> So we can >> close that it is correct to drop the rest of the buffer. In a hope that >> +M is not followed by text longer than 50-or-so chars. > > can we be sure that "+M..." is no more than 100+ chars ? > (I guess the sizeof (isdn_ctrl.parm) is 80+, but less than 100) > if we can not be sure: No, we cannot be sure that a user gives us less than that. Your patch just throws the rest to fix that overflow, right? What I'm saying I wouldn't fix more than that. -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists