| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170824152943.17173f52@xeon-e3> Date: Thu, 24 Aug 2017 15:29:43 -0700 From: Stephen Hemminger <stephen@...workplumber.org> To: Phil Sutter <phil@....cc> Cc: netdev@...r.kernel.org Subject: Re: [iproute PATCH v3 6/6] lib/libnetlink: Don't pass NULL parameter to memcpy() On Thu, 24 Aug 2017 11:41:31 +0200 Phil Sutter <phil@....cc> wrote: > Both addattr_l() and rta_addattr_l() may be called with NULL data > pointer and 0 alen parameters. Avoid calling memcpy() in that case. > > Signed-off-by: Phil Sutter <phil@....cc> > --- > lib/libnetlink.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/lib/libnetlink.c b/lib/libnetlink.c > index 874e660be7eb4..fbe719ee10449 100644 > --- a/lib/libnetlink.c > +++ b/lib/libnetlink.c > @@ -871,7 +871,8 @@ int addattr_l(struct nlmsghdr *n, int maxlen, int type, const void *data, > rta = NLMSG_TAIL(n); > rta->rta_type = type; > rta->rta_len = len; > - memcpy(RTA_DATA(rta), data, alen); > + if (alen) > + memcpy(RTA_DATA(rta), data, alen); > n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len); > return 0; > } > @@ -958,7 +959,8 @@ int rta_addattr_l(struct rtattr *rta, int maxlen, int type, > subrta = (struct rtattr *)(((char *)rta) + RTA_ALIGN(rta->rta_len)); > subrta->rta_type = type; > subrta->rta_len = len; > - memcpy(RTA_DATA(subrta), data, alen); > + if (alen) > + memcpy(RTA_DATA(subrta), data, alen); > rta->rta_len = NLMSG_ALIGN(rta->rta_len) + RTA_ALIGN(len); > return 0; > } Ok, applied. You never know when GCC language experts might decide to exploit undefined behavior.
Powered by blists - more mailing lists