| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Apr 2020 08:42:15 +0200
From: Dominique Martinet <asmadeus@...ewreck.org>
To: Jamal Hadi Salim <jhs@...atatu.com>
Cc: stephen@...workplumber.org, netdev@...r.kernel.org,
dsahern@...il.com, aclaudi@...hat.com, daniel@...earbox.net,
Jamal Hadi Salim <hadi@...atatu.com>
Subject: Re: [PATCH iproute2 1/1] bpf: Fix segfault when custom pinning is
used
(random review)
Jamal Hadi Salim wrote on Tue, Apr 21, 2020:
> diff --git a/lib/bpf.c b/lib/bpf.c
> index 10cf9bf4..cf636c9e 100644
> --- a/lib/bpf.c
> +++ b/lib/bpf.c
> @@ -1509,12 +1509,12 @@ out:
> static int bpf_make_custom_path(const struct bpf_elf_ctx *ctx,
> const char *todo)
> {
> - char *tmp = NULL;
> + char tmp[PATH_MAX] = {};
> char *rem = NULL;
> char *sub;
> int ret;
>
> - ret = asprintf(&tmp, "%s/../", bpf_get_work_dir(ctx->type));
> + ret = sprintf(tmp, "%s/../", bpf_get_work_dir(ctx->type));
> if (ret < 0) {
> fprintf(stderr, "asprintf failed: %s\n", strerror(errno));
error check needs to be reworded, and it probably needs to use snprintf
instead of sprintf: bpf_get_work_dir() can be up to PATH_MAX long and as
pointed out there are strcat() afterwards so it's still possible to
overflow this one
--
Dominique
Powered by blists - more mailing lists