lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20190206185101.17430-1-stephen@networkplumber.org>
Date:   Wed,  6 Feb 2019 10:51:02 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     netdev@...r.kernel.org
Cc:     Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH iproute2] tc: avoid problems with hard coded rate string length

The parse_percent_rate function assumed the buffer was 20 characters.
Better to pass length in case the size ever changes.

Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
---
 tc/tc_util.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/tc/tc_util.c b/tc/tc_util.c
index 1377b536e72f..4e289ae9c2ad 100644
--- a/tc/tc_util.c
+++ b/tc/tc_util.c
@@ -190,7 +190,8 @@ static const struct rate_suffix {
 	{ NULL }
 };
 
-static int parse_percent_rate(char *rate, const char *str, const char *dev)
+static int parse_percent_rate(char *rate, size_t len,
+			      const char *str, const char *dev)
 {
 	long dev_mbit;
 	int ret;
@@ -221,8 +222,8 @@ static int parse_percent_rate(char *rate, const char *str, const char *dev)
 
 	rate_mbit = perc * dev_mbit;
 
-	ret = snprintf(rate, 20, "%lf", rate_mbit);
-	if (ret <= 0 || ret >= 20) {
+	ret = snprintf(rate, len, "%lf", rate_mbit);
+	if (ret <= 0 || ret >= len) {
 		fprintf(stderr, "Unable to parse calculated rate\n");
 		return -1;
 	}
@@ -239,7 +240,7 @@ int get_percent_rate(unsigned int *rate, const char *str, const char *dev)
 {
 	char r_str[20];
 
-	if (parse_percent_rate(r_str, str, dev))
+	if (parse_percent_rate(r_str, sizeof(r_str), str, dev))
 		return -1;
 
 	return get_rate(rate, r_str);
@@ -249,7 +250,7 @@ int get_percent_rate64(__u64 *rate, const char *str, const char *dev)
 {
 	char r_str[20];
 
-	if (parse_percent_rate(r_str, str, dev))
+	if (parse_percent_rate(r_str, sizeof(r_str), str, dev))
 		return -1;
 
 	return get_rate64(rate, r_str);
-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ