| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5f6f7a08-30dc-a780-8f32-a7414caeea0b@gmail.com>
Date: Tue, 20 Mar 2018 09:50:05 -0600
From: David Ahern <dsahern@...il.com>
To: Stephen Hemminger <stephen@...workplumber.org>,
netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 5/5] namespace: limit length of network namespace
On 3/19/18 10:56 AM, Stephen Hemminger wrote:
> Avoid running into buffer overflows with excessively long network
> namespace. Fixes Gcc-8 warning about possible snprintf truncation.
>
> Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
> ---
> lib/namespace.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/lib/namespace.c b/lib/namespace.c
> index 682634028587..ce5683a5f4e6 100644
> --- a/lib/namespace.c
> +++ b/lib/namespace.c
> @@ -18,7 +18,7 @@
> static void bind_etc(const char *name)
> {
> char etc_netns_path[PATH_MAX];
> - char netns_name[PATH_MAX];
> + char netns_name[2*PATH_MAX];
> char etc_name[PATH_MAX];
> struct dirent *entry;
> DIR *dir;
> @@ -52,6 +52,12 @@ int netns_switch(char *name)
> unsigned long mountflags = 0;
> struct statvfs fsstat;
>
> + if (strlen(name) >= NAME_MAX) {
> + fprintf(stderr, "Network namespace name too long\"%s\"\n",
> + name);
> + return -1;
> + }
> +
> snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name);
> netns = open(net_path, O_RDONLY | O_CLOEXEC);
> if (netns < 0) {
>
Since PATH_MAX is a Linux limit for file paths, why not ensure
strlen(name) + strlen(NETNS_RUN_DIR) + 2 <= PATH_MAX
Powered by blists - more mailing lists