Date:   Wed, 21 Mar 2018 12:21:08 +0300
From:   Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To:     Stephen Hemminger <stephen@...workplumber.org>,
        netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 v2 5/9] namespace: fix warning snprintf buffer

Hello!

On 3/20/2018 11:29 PM, Stephen Hemminger wrote:

> It is possible that a user could request a really long namespace
> name and overrun the path buffer.
> 
> Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
> ---
>   lib/namespace.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/namespace.c b/lib/namespace.c
> index 6f3356d0fa08..682634028587 100644
> --- a/lib/namespace.c
> +++ b/lib/namespace.c
> @@ -23,7 +23,8 @@ static void bind_etc(const char *name)
>   	struct dirent *entry;
>   	DIR *dir;
>   
> -	snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s", NETNS_ETC_DIR, name);
> +	snprintf(etc_netns_path, sizeof(etc_netns_path), "%s/%s",
> +		 NETNS_ETC_DIR, name);
>   	dir = opendir(etc_netns_path);
>   	if (!dir)
>   		return;
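
Review bot: the snprintf() into etc_netns_path at the top of bind_etc() still has its return value ignored, so a really long namespace name is handled exactly as before this rewrap. The sizeof(etc_netns_path) argument already bounds the write, which means the remaining risk is silent truncation: opendir() is then called on a shortened path that may name a different directory. Suggest comparing the return value against sizeof(etc_netns_path) and returning with an error when it does not fit, or rewording the commit message to say this is a line-length cleanup only.
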
> @@ -33,7 +34,8 @@ static void bind_etc(const char *name)
>   			continue;
>   		if (strcmp(entry->d_name, "..") == 0)
>   			continue;
> -		snprintf(netns_name, sizeof(netns_name), "%s/%s", etc_netns_path, entry->d_name);
> +		snprintf(netns_name, sizeof(netns_name),
> +			 "%s/%s", etc_netns_path, entry->d_name);
>   		snprintf(etc_name, sizeof(etc_name), "/etc/%s", entry->d_name);
>   		if (mount(netns_name, etc_name, "none", MS_BIND, NULL) < 0) {
>   			fprintf(stderr, "Bind %s -> %s failed: %s\n",
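
Review bot: in the readdir loop, the snprintf() into netns_name feeds mount() as the bind source, yet neither it nor the snprintf() into etc_name on the next context line has its return value checked. If etc_netns_path plus entry->d_name does not fit in netns_name, mount() is attempted with a truncated source path. Suggest testing each return value against the destination's sizeof and doing a `continue` with a message to stderr on truncation, so an over-long entry is skipped instead of mounted from the wrong path.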

    Hm... not seeing any changes other than the line wrapping. Am I just 
blind? :-)

MBR, Sergei
