| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jul 2015 16:49:38 +0000
From: "Rustad, Mark D" <mark.d.rustad@...el.com>
To: Vadim Kochan <vadim4j@...il.com>
CC: Marc Dietrich <marvin24@....de>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: "ss -p" segfaults
> On Jul 15, 2015, at 8:12 AM, Vadim Kochan <vadim4j@...il.com> wrote:
> Would you please check this fix ?
>
> diff --git a/misc/ss.c b/misc/ss.c
> index 03f92fa..3a826e4 100644
> --- a/misc/ss.c
> +++ b/misc/ss.c
> @@ -683,8 +683,8 @@ static inline void sock_addr_set_str(inet_prefix *prefix, char **ptr)
>
> static inline char *sock_addr_get_str(const inet_prefix *prefix)
> {
> - char *tmp ;
> - memcpy(&tmp, prefix->data, sizeof(char *));
> + char *tmp;
> + memcpy(&tmp, &prefix->data[0], sizeof(char *));
> return tmp;
> }
That surely is not a fix! The destination of the memcpy is the address of an uninitialized stack variable! Both versions are equally bad.
--
Mark Rustad, Networking Division, Intel Corporation
Download attachment "signature.asc" of type "application/pgp-signature" (842 bytes)
Powered by blists - more mailing lists