| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Aug 2017 18:57:05 +0200
From: Phil Sutter <phil@....cc>
To: David Laight <David.Laight@...LAB.COM>
Cc: Stephen Hemminger <stephen@...workplumber.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [iproute PATCH v2 4/5] tc/tc_filter: Make sure filter name is
not empty
On Fri, Aug 18, 2017 at 04:34:44PM +0000, David Laight wrote:
> From: Phil Sutter
> > Sent: 18 August 2017 12:16
> > On Fri, Aug 18, 2017 at 09:30:35AM +0000, David Laight wrote:
> > > From: Phil Sutter
> > > > Sent: 17 August 2017 18:10
> > > > The later check for 'k[0] != 0' requires a non-empty filter name,
> > > > otherwise NULL pointer dereference in 'q' might happen.
> > > >
> > > > Signed-off-by: Phil Sutter <phil@....cc>
> > > > ---
> > > > tc/tc_filter.c | 3 +++
> > > > 1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/tc/tc_filter.c b/tc/tc_filter.c
> > > > index b13fb9185d4fd..a799edb35886d 100644
> > > > --- a/tc/tc_filter.c
> > > > +++ b/tc/tc_filter.c
> > > > @@ -412,6 +412,9 @@ static int tc_filter_get(int cmd, unsigned int flags, int argc, char **argv)
> > > > usage();
> > > > return 0;
> > > > } else {
> > > > + if (!strlen(*argv))
> > > > + invarg("invalid filter name", *argv);
> > >
> > > That is nearly as bad as:
> > > p[strlen(p)] = 0;
> >
> > Hey, it's not impossible! I could call tc like so:
> >
> > | # tc filter get protocol ip prio 1 ""
>
> You missed the point. Just check **argv there is no need to
> determine the length just to check it is non-zero.
Oh, hehe. Thanks for the short-cut!
Thanks, PHil
Powered by blists - more mailing lists