lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <556848F4.6080003@iogearbox.net>
Date:	Fri, 29 May 2015 13:09:40 +0200
From:	Daniel Borkmann <daniel@...earbox.net>
To:	Vadim Kochan <vadim4j@...il.com>
CC:	netdev@...r.kernel.org, jose.r.guzman.mosqueda@...el.com
Subject: Re: [PATCH iproute2] ss: Fix allocation of cong control alg name

Hi Vadim,

On 05/29/2015 12:30 PM, Vadim Kochan wrote:
> From: Vadim Kochan <vadim4j@...il.com>
>
> Use strdup instead of malloc, and get rid of bad strcpy.
>
> Signed-off-by: Vadim Kochan <vadim4j@...il.com>

Please also Cc the reporter (done here), and add a:

Fixes: 8250bc9ff4e5 ("ss: Unify inet sockets output")
Reported-by: Jose R. Guzman Mosqueda <jose.r.guzman.mosqueda@...el.com>

Fixes tag is _very useful_ for distros to easily identify if additional
follow-up commits would be needed when backporting the original change.
Then, this can be easily identified when going through the git log.

> ---
>   misc/ss.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/misc/ss.c b/misc/ss.c
> index 347e3a1..a719466 100644
> --- a/misc/ss.c
> +++ b/misc/ss.c
> @@ -1908,8 +1908,7 @@ static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
>
>   		if (tb[INET_DIAG_CONG]) {
>   			const char *cong_attr = rta_getattr_str(tb[INET_DIAG_CONG]);
> -			s.cong_alg = malloc(strlen(cong_attr + 1));
> -			strcpy(s.cong_alg, cong_attr);
> +			s.cong_alg = strdup(cong_attr);

strdup(3) can still return NULL.

>   		}
>
>   		if (TCPI_HAS_OPT(info, TCPI_OPT_WSCALE)) {
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ