lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Jun 2015 23:31:19 -0400 From: Stephen Hemminger <stephen@...workplumber.org> To: Daniel Borkmann <daniel@...earbox.net> Cc: "Guzman Mosqueda, Jose R" <jose.r.guzman.mosqueda@...el.com>, Vadim Kochan <vadim4j@...il.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, eric.dumazet@...il.com Subject: Re: [PATCH iproute2] ss: Fix allocation of cong control alg name On Fri, 29 May 2015 18:48:42 +0200 Daniel Borkmann <daniel@...earbox.net> wrote: > On 05/29/2015 06:17 PM, Guzman Mosqueda, Jose R wrote: > > Hi Daniel and Vadim > > > > Thanks for your prompt response and for the patch. > > > > Also, what about the other one? Do you think it is an issue or not? > > > > " File: tc/tc_util.c > > Function: void print_rate(char *buf, int len, __u64 rate) > > Line: ~264 > > > > In the case that user inputs a high value for rate, the "for" loop will exit in the condition meaning that variable "i" get the value of 5 which will be an invalid index for the "units" array due to that array has only 5 elements." > > > > I know a very high value is invalid but in the case that it comes directly from user, it could cause and issue, what do you think? > > Hm, this prints just the netlink dump from kernel side, but perhaps > we should just change it ... > > diff --git a/tc/tc_util.c b/tc/tc_util.c > index dc2b70f..aa6de24 100644 > --- a/tc/tc_util.c > +++ b/tc/tc_util.c > @@ -250,18 +250,19 @@ void print_rate(char *buf, int len, __u64 rate) > extern int use_iec; > unsigned long kilo = use_iec ? 1024 : 1000; > const char *str = use_iec ? "i" : ""; > - int i = 0; > static char *units[5] = {"", "K", "M", "G", "T"}; > + int i; > > rate <<= 3; /* bytes/sec -> bits/sec */ > > - for (i = 0; i < ARRAY_SIZE(units); i++) { > + for (i = 0; i < ARRAY_SIZE(units) - 1; i++) { > if (rate < kilo) > break; > if (((rate % kilo) != 0) && rate < 1000*kilo) > break; > rate /= kilo; > } > + > snprintf(buf, len, "%.0f%s%sbit", (double)rate, units[i], str); > } I don't know what thread you meant to hijack for this, but it wasn't the one about ss: cong name. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists