lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 27 Oct 2017 12:55:27 -0400
From:   Roman Mashak <mrv@...atatu.com>
To:     stephen@...workplumber.org
Cc:     netdev@...r.kernel.org, jhs@...atatu.com,
        Roman Mashak <mrv@...atatu.com>
Subject: [PATCH iproute2 1/1] ip netns: use strtol() instead of atoi()

Use strtol-based API to parse and validate integer input; atoi() does not detect
errors and may yield undefined behaviour if result can't be represented.

Signed-off-by: Roman Mashak <mrv@...atatu.com>
---
 ip/ipnetns.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ip/ipnetns.c b/ip/ipnetns.c
index afb4978..96da040 100644
--- a/ip/ipnetns.c
+++ b/ip/ipnetns.c
@@ -711,7 +711,8 @@ static int netns_set(int argc, char **argv)
 		return -1;
 	}
 	name = argv[0];
-	nsid = atoi(argv[1]);
+	if (get_integer(&nsid, argv[1], 0))
+		invarg("Invalid \"netnsid\" value\n", argv[1]);
 
 	snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
 	netns = open(netns_path, O_RDONLY | O_CLOEXEC);
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ