| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1458671719-14361-8-git-send-email-phil@nwl.cc>
Date: Tue, 22 Mar 2016 19:35:19 +0100
From: Phil Sutter <phil@....cc>
To: Stephen Hemminger <shemming@...cade.com>
Cc: netdev@...r.kernel.org
Subject: [iproute PATCH 7/7] lib/ll_addr: improve ll_addr_n2a() a bit
Apart from making the code a bit more compact and efficient, this also
prevents a potential buffer overflow if the passed buffer is really too
small: Although correctly decrementing the size parameter passed to
snprintf, it could become negative which would then wrap since snprintf
uses (unsigned) size_t for the parameter.
Signed-off-by: Phil Sutter <phil@....cc>
---
lib/ll_addr.c | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/lib/ll_addr.c b/lib/ll_addr.c
index 2ce9abfbb8c69..465ed6fa4d9a2 100644
--- a/lib/ll_addr.c
+++ b/lib/ll_addr.c
@@ -41,18 +41,9 @@ const char *ll_addr_n2a(const unsigned char *addr, int alen, int type, char *buf
if (alen == 16 && type == ARPHRD_TUNNEL6) {
return inet_ntop(AF_INET6, addr, buf, blen);
}
- l = 0;
- for (i=0; i<alen; i++) {
- if (i==0) {
- snprintf(buf+l, blen, "%02x", addr[i]);
- blen -= 2;
- l += 2;
- } else {
- snprintf(buf+l, blen, ":%02x", addr[i]);
- blen -= 3;
- l += 3;
- }
- }
+ snprintf(buf, blen, "%02x", addr[0]);
+ for (i = 1, l = 2; i < alen && l < blen; i++, l += 3)
+ snprintf(buf + l, blen - l, ":%02x", addr[i]);
return buf;
}
--
2.7.2
Powered by blists - more mailing lists