| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180528194506.GF27177@lunn.ch>
Date: Mon, 28 May 2018 21:45:06 +0200
From: Andrew Lunn <andrew@...n.ch>
To: Linus Walleij <linus.walleij@...aro.org>
Cc: Vivien Didelot <vivien.didelot@...oirfairelinux.com>,
Florian Fainelli <f.fainelli@...il.com>,
netdev@...r.kernel.org, openwrt-devel@...ts.openwrt.org,
LEDE Development List <lede-dev@...ts.infradead.org>,
Antti Seppälä <a.seppala@...il.com>,
Roman Yeryomin <roman@...em.lv>,
Colin Leitner <colin.leitner@...glemail.com>,
Gabor Juhos <juhosg@...nwrt.org>
Subject: Re: [PATCH 3/4 RFCv2] net: dsa: realtek-smi: Add Realtek SMI driver
> +struct rtl8366_mib_counter {
> + unsigned base;
> + unsigned offset;
> + unsigned length;
> + const char *name;
> +};
> +void rtl8366_get_strings(struct dsa_switch *ds, int port, uint8_t *data)
> +{
> + struct realtek_smi *smi = ds->priv;
> + struct rtl8366_mib_counter *mib;
> + int i;
> +
> + if (port >= smi->num_ports)
> + return;
> +
> + for (i = 0; i < smi->num_mib_counters; i++) {
> + mib = &smi->mib_counters[i];
> + memcpy(data + i * ETH_GSTRING_LEN,
> + mib->name, ETH_GSTRING_LEN);
> + }
> +}
Hi Linus
name is a char *. Its length is determined by its content. But you
perform a memcpy of ETH_GSTRING_LEN. This can take you off the end of
the string causing an out of bounds error. Either make name
ETH_GSTRING_LEN long, or you strncpy().
Andrew
Powered by blists - more mailing lists