| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Dec 2017 09:52:21 -0800
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Cc: Stephen Hemminger <stephen@...workplumber.org>,
Stephen Hemminger <sthemmin@...rosoft.com>
Subject: [PATCH] ss: fix crash with invalid command input file
If given an invalid input file with -F flag, ss would crash.
Examples of invalid input are line to long, or null file.
Signed-off-by: Stephen Hemminger <sthemmin@...rosoft.com>
---
misc/ssfilter.y | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/misc/ssfilter.y b/misc/ssfilter.y
index ba82b65f712b..4db3c95faa3c 100644
--- a/misc/ssfilter.y
+++ b/misc/ssfilter.y
@@ -202,15 +202,23 @@ int yylex(void)
argc++;
} else if (yy_fp) {
while (tokptr == NULL) {
- if (fgets(argbuf, sizeof(argbuf)-1, yy_fp) == NULL)
+ size_t len;
+
+ if (fgets(argbuf, sizeof(argbuf), yy_fp) == NULL)
return 0;
- argbuf[sizeof(argbuf)-1] = 0;
- if (strlen(argbuf) == sizeof(argbuf) - 1) {
- fprintf(stderr, "Too long line in filter");
+
+ len = strnlen(argbuf, sizeof(argbuf));
+ if (len == 0) {
+ fprintf(stderr, "Invalid line\n");
+ exit(-1);
+ }
+
+ if (len >= sizeof(argbuf) - 1) {
+ fprintf(stderr, "Too long line in filter\n");
exit(-1);
}
- if (argbuf[strlen(argbuf)-1] == '\n')
- argbuf[strlen(argbuf)-1] = 0;
+ if (argbuf[len - 1] == '\n')
+ argbuf[len-1] = 0;
if (argbuf[0] == '#' || argbuf[0] == '0')
continue;
tokptr = argbuf;
--
2.11.0
Powered by blists - more mailing lists