| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <52447DAC.2060701@linux.vnet.ibm.com>
Date: Fri, 27 Sep 2013 00:02:12 +0530
From: Sohny Thomas <sthomas@...ux.vnet.ibm.com>
To: stephen@...workplumber.org, netdev@...r.kernel.org
Subject: [PATCH] iproute2: xfrm state add abort issue
ip xfrm state add causes a SIGABRT due to a strncpy_chk .
This happens since strncpy doesn't account for the '\0' .
I have fixed this using sizeof instead of strlen .
There is a redhat bug which documents this issue
https://bugzilla.redhat.com/show_bug.cgi?id=982761
Signed-off-by: Sohny Thomas <sohthoma@...ibm.com>
--------------
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index 389942c..7dd8799 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -117,7 +117,7 @@ static int xfrm_algo_parse(struct xfrm_algo *alg,
enum xfrm_attr_type_t type,
char *name, char *key, char *buf, int max)
{
int len;
- int slen = strlen(key);
+ int slen = sizeof(key);
#if 0
/* XXX: verifying both name and key is required! */
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists