| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20160701.164923.904503664300140834.davem@davemloft.net> Date: Fri, 01 Jul 2016 16:49:23 -0400 (EDT) From: David Miller <davem@...emloft.net> To: richard.alpe@...csson.com Cc: netdev@...r.kernel.org, tipc-discussion@...ts.sourceforge.net, kjlu@...ech.edu Subject: Re: [PATCH net-next] tipc: fix nl compat regression for link statistics From: Richard Alpe <richard.alpe@...csson.com> Date: Fri, 1 Jul 2016 11:11:21 +0200 > Fix incorrect use of nla_strlcpy() where the first NLA_HDRLEN bytes > of the link name where left out. > > Making the output of tipc-config -ls look something like: > Link statistics: > dcast-link > 1:data0-1.1.2:data0 > 1:data0-1.1.3:data0 > > Also, for the record, the patch that introduce this regression > claims "Sending the whole object out can cause a leak". Which isn't > very likely as this is a compat layer, where the data we are parsing > is generated by us and we know the string to be NULL terminated. But > you can of course never be to secure. > > Fixes: 5d2be1422e02 (tipc: fix an infoleak in tipc_nl_compat_link_dump) > Signed-off-by: Richard Alpe <richard.alpe@...csson.com> Applied to 'net' since that is where the regression exists. Please submit bug fixes to the correct tree.
Powered by blists - more mailing lists