lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 12 Dec 2017 16:54:44 +0800
From:   Ma Shimiao <mashimiao.fnst@...fujitsu.com>
To:     <samuel@...tiz.org>
CC:     <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        Ma Shimiao <mashimiao.fnst@...fujitsu.com>
Subject: [PATCH] drivers/staging/irda: fix max dup length for kstrndup

If source string longer than max, kstrndup will alloc max+1 space.
So, we should make sure the result will not over limit.

Signed-off-by: Ma Shimiao <mashimiao.fnst@...fujitsu.com>
---
 drivers/staging/irda/net/irias_object.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/irda/net/irias_object.c b/drivers/staging/irda/net/irias_object.c
index 53b86d0e1630..b626f796a3ff 100644
--- a/drivers/staging/irda/net/irias_object.c
+++ b/drivers/staging/irda/net/irias_object.c
@@ -56,7 +56,7 @@ struct ias_object *irias_new_object( char *name, int id)
 	}
 
 	obj->magic = IAS_OBJECT_MAGIC;
-	obj->name = kstrndup(name, IAS_MAX_CLASSNAME, GFP_ATOMIC);
+	obj->name = kstrndup(name, IAS_MAX_CLASSNAME - 1, GFP_ATOMIC);
 	if (!obj->name) {
 		net_warn_ratelimited("%s(), Unable to allocate name!\n",
 				     __func__);
@@ -326,7 +326,7 @@ void irias_add_integer_attrib(struct ias_object *obj, char *name, int value,
 	}
 
 	attrib->magic = IAS_ATTRIB_MAGIC;
-	attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME, GFP_ATOMIC);
+	attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME - 1, GFP_ATOMIC);
 
 	/* Insert value */
 	attrib->value = irias_new_integer_value(value);
@@ -370,7 +370,7 @@ void irias_add_octseq_attrib(struct ias_object *obj, char *name, __u8 *octets,
 	}
 
 	attrib->magic = IAS_ATTRIB_MAGIC;
-	attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME, GFP_ATOMIC);
+	attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME - 1, GFP_ATOMIC);
 
 	attrib->value = irias_new_octseq_value( octets, len);
 	if (!attrib->name || !attrib->value) {
@@ -412,7 +412,7 @@ void irias_add_string_attrib(struct ias_object *obj, char *name, char *value,
 	}
 
 	attrib->magic = IAS_ATTRIB_MAGIC;
-	attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME, GFP_ATOMIC);
+	attrib->name = kstrndup(name, IAS_MAX_ATTRIBNAME - 1, GFP_ATOMIC);
 
 	attrib->value = irias_new_string_value(value);
 	if (!attrib->name || !attrib->value) {
@@ -468,7 +468,7 @@ struct ias_value *irias_new_string_value(char *string)
 
 	value->type = IAS_STRING;
 	value->charset = CS_ASCII;
-	value->t.string = kstrndup(string, IAS_MAX_STRING, GFP_ATOMIC);
+	value->t.string = kstrndup(string, IAS_MAX_STRING - 1, GFP_ATOMIC);
 	if (!value->t.string) {
 		net_warn_ratelimited("%s: Unable to kmalloc!\n", __func__);
 		kfree(value);
-- 
2.13.6

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ