| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1371143153.2246.10.camel@bwh-desktop.uk.level5networks.com> Date: Thu, 13 Jun 2013 18:05:53 +0100 From: Ben Hutchings <bhutchings@...arflare.com> To: David Miller <davem@...emloft.net> CC: <dborkman@...hat.com>, <netdev@...r.kernel.org> Subject: Re: [PATCH net] packet: packet_getname_spkt: make sure string is always 0-terminated On Thu, 2013-06-13 at 01:38 -0700, David Miller wrote: > From: Daniel Borkmann <dborkman@...hat.com> > Date: Wed, 12 Jun 2013 16:02:27 +0200 > > > uaddr->sa_data is exactly of size 14, which is hard-coded here and > > passed as a size argument to strncpy(). A device name can be of size > > IFNAMSIZ (== 16), meaning we might leave the destination string > > unterminated. Thus, use strlcpy() and also sizeof() while we're > > at it. We need to memset the data area beforehand, since strlcpy > > does not padd the remaining buffer with zeroes for user space, so > > that we do not possibly leak anything. > > > > Signed-off-by: Daniel Borkmann <dborkman@...hat.com> > > Applied, and queued up for -stable, thanks. I don't think this should be applied anywhere. Dropping support for 14-character device names is a regression. Ben. -- Ben Hutchings, Staff Engineer, Solarflare Not speaking for my employer; that's the marketing department's job. They asked us to note that Solarflare product names are trademarked. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists