| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171011182144.08ffc990@xeon-e3>
Date: Wed, 11 Oct 2017 18:21:44 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Subject: [RFC] iproute2: reject zero length strings for matches
The ip commands use the function matches() to allow for abbreviations like:
$ ip l
$ ip r
But the function does not check for zero length strings which is potentially error
prone (but might also break some power users assumptions). For example:
$ ip ""
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
This patch checks for zero length strings and never matches the option.
$ ip ""
Object "" is unknown, try "ip help".
diff --git a/lib/utils.c b/lib/utils.c
index ac155bf5a044..b68a2e0f4a07 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -733,7 +733,7 @@ int matches(const char *cmd, const char *pattern)
{
int len = strlen(cmd);
- if (len > strlen(pattern))
+ if (len == 0 || len > strlen(pattern))
return -1;
return memcmp(pattern, cmd, len);
}
Powered by blists - more mailing lists