| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20160601.233216.1293792015714271361.davem@davemloft.net> Date: Wed, 01 Jun 2016 23:32:16 -0700 (PDT) From: David Miller <davem@...emloft.net> To: kangjielu@...il.com Cc: jon.maloy@...csson.com, ying.xue@...driver.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, taesoo@...ech.edu, csong84@...ech.edu, kjlu@...ech.edu Subject: Re: [PATCH] tipc: fix an infoleak in tipc_nl_compat_link_dump From: Kangjie Lu <kangjielu@...il.com> Date: Wed, 1 Jun 2016 12:34:55 -0400 > diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c > index f795b1d..115aafa 100644 > --- a/net/tipc/netlink_compat.c > +++ b/net/tipc/netlink_compat.c > @@ -604,6 +604,7 @@ static int tipc_nl_compat_link_dump(struct tipc_nl_compat_msg *msg, > > link_info.dest = nla_get_flag(link[TIPC_NLA_LINK_DEST]); > link_info.up = htonl(nla_get_flag(link[TIPC_NLA_LINK_UP])); > + memset((void *)link_info.str, 0, TIPC_MAX_LINK_NAME); > strcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME])); > Please instead use "nla_strlcpy()". Thanks.
Powered by blists - more mailing lists