| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1384352177.28458.99.camel@edumazet-glaptop2.roam.corp.google.com> Date: Wed, 13 Nov 2013 06:16:17 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Andreas Henriksson <andreas@...al.se> Cc: stephen@...workplumber.org, netdev@...r.kernel.org Subject: Re: [PATCH iproute2 v2] ss: avoid passing negative numbers to malloc On Wed, 2013-11-13 at 09:46 +0100, Andreas Henriksson wrote: > Example: > > $ ss state established \( sport = :4060 or sport = :4061 or sport = :4062 or sport = :4063 or sport = :4064 or sport = :4065 or sport = :4066 or sport = :4067 \) > /dev/null > Aborted > > In the example above ssfilter_bytecompile(...) will return (int)136. > char l1 = 136; means -120 which will result in a negative number > being passed to malloc at misc/ss.c:913. > > Simply declare l1 and l2 as integers to avoid the char overflow. > > This is one of the issues originally reported in http://bugs.debian.org/511720 > > Fix the same problem in other code paths as well (thanks to Eric Dumazet). > > Reported-by: Andreas Schuldei <andreas@...ian.org> > Signed-off-by: Andreas Henriksson <andreas@...al.se> Reviewed-by: Eric Dumazet <edumazet@...gle.com> Thanks ! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists