lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1402178010.4806.3.camel@schoellingm.dzne.de>
Date:	Sat, 07 Jun 2014 23:53:30 +0200
From:	Manuel Schoelling <manuel.schoelling@....de>
To:	David Rientjes <rientjes@...gle.com>
Cc:	davem@...emloft.net, jeffrey.t.kirsher@...el.com,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] dns_resolver: assure that dns_query() result is
 null-terminated

On Sa, 2014-06-07 at 14:42 -0700, David Rientjes wrote:
> On Sat, 7 Jun 2014, Manuel Schölling wrote:
> 
> > dns_query() credulously assumes that keys are null-terminated and
> > returns a copy of a memory block that is off by one.
> 
> No sign-off?  Please read Documentation/SubmittingPatches.
It's just not my day today.
Sorry, I forgot about the sign-off.

> > ---
> >  net/dns_resolver/dns_query.c |    4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
> > index e7b6d53..84871a2 100644
> > --- a/net/dns_resolver/dns_query.c
> > +++ b/net/dns_resolver/dns_query.c
> > @@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, size_t namelen,
> >  	len = upayload->datalen;
> >  
> >  	ret = -ENOMEM;
> > -	*_result = kmalloc(len + 1, GFP_KERNEL);
> > +	*_result = kzalloc(len + 1, GFP_KERNEL);
> >  	if (!*_result)
> >  		goto put;
> >  
> > -	memcpy(*_result, upayload->data, len + 1);
> > +	memcpy(*_result, upayload->data, len);
> >  	if (_expiry)
> >  		*_expiry = rkey->expiry;
> >  
> 
> kzalloc() would be unnecessary overhead (zeroing definitely comes with a 
> cost) if you're going to copy to the memory immediately afterwards.  Just 
> leave the kmalloc(), do the memcpy() and explicitly zero terminate it 
> _result.

Using kzalloc() was suggested of a developer on IRC (#kernelnewbies) but
if you prefer kmalloc, that's ok, too.
I'll send you a corrected patch in a second.


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ