* [PATCH] tipc: fix an infoleak in tipc_nl_compat_link_dump
From: Kangjie Lu @ 2016-06-02 8:04 UTC (permalink / raw)
To: jon.maloy
Cc: ying.xue, davem, netdev, linux-kernel, taesoo, csong84, Kangjie Lu
link_info.str is a char array of size 60. Memory after the NULL
byte is not initialized. Sending the whole object out can cause
a leak.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
---
net/tipc/netlink_compat.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index f795b1d..2518014 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -604,7 +604,8 @@ static int tipc_nl_compat_link_dump(struct tipc_nl_compat_msg *msg,
link_info.dest = nla_get_flag(link[TIPC_NLA_LINK_DEST]);
link_info.up = htonl(nla_get_flag(link[TIPC_NLA_LINK_UP]));
- strcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME]));
+ nla_strlcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME]),
+ TIPC_MAX_LINK_NAME);
return tipc_add_tlv(msg->rep, TIPC_TLV_LINK_INFO,
&link_info, sizeof(link_info));
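Review bot: In the added nla_strlcpy() call, the second argument is nla_data(link[TIPC_NLA_LINK_NAME]), but nla_strlcpy() takes the struct nlattr pointer itself and derives the payload pointer and length from the attribute header. Passing the payload pointer makes it interpret the first bytes of the link name as that header, and because nla_data() returns void * the compiler will not flag the mismatch. Suggest nla_strlcpy(link_info.str, link[TIPC_NLA_LINK_NAME], TIPC_MAX_LINK_NAME); so the copy length comes from the real attribute.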
--
2.7.4
* Re: [PATCH] tipc: fix an infoleak in tipc_nl_compat_link_dump
From: David Miller @ 2016-06-03 4:32 UTC (permalink / raw)
To: kangjielu
Cc: jon.maloy, ying.xue, netdev, linux-kernel, taesoo, csong84, kjlu
From: Kangjie Lu <kangjielu@gmail.com>
Date: Thu, 2 Jun 2016 04:04:56 -0400
> link_info.str is a char array of size 60. Memory after the NULL
> byte is not initialized. Sending the whole object out can cause
> a leak.
>
> Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Applied.
* Re: [PATCH] tipc: fix an infoleak in tipc_nl_compat_link_dump
From: David Miller @ 2016-06-02 6:32 UTC (permalink / raw)
To: kangjielu
Cc: jon.maloy, ying.xue, netdev, linux-kernel, taesoo, csong84, kjlu
From: Kangjie Lu <kangjielu@gmail.com>
Date: Wed, 1 Jun 2016 12:34:55 -0400
> diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
> index f795b1d..115aafa 100644
> --- a/net/tipc/netlink_compat.c
> +++ b/net/tipc/netlink_compat.c
> @@ -604,6 +604,7 @@ static int tipc_nl_compat_link_dump(struct tipc_nl_compat_msg *msg,
>
> link_info.dest = nla_get_flag(link[TIPC_NLA_LINK_DEST]);
> link_info.up = htonl(nla_get_flag(link[TIPC_NLA_LINK_UP]));
> + memset((void *)link_info.str, 0, TIPC_MAX_LINK_NAME);
> strcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME]));
>
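Review bot: The strcpy() kept after the new memset() is still unbounded: nothing in this hunk checks the length of the TIPC_NLA_LINK_NAME payload against TIPC_MAX_LINK_NAME, so zeroing first stops stale bytes from going out, but an over-long or unterminated name can still write past link_info.str. A bounded copy that also pads the destination would handle both the leak and the length in one call.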
Please instead use "nla_strlcpy()".
Thanks.
* [PATCH] tipc: fix an infoleak in tipc_nl_compat_link_dump
From: Kangjie Lu @ 2016-06-01 16:34 UTC (permalink / raw)
To: jon.maloy
Cc: ying.xue, davem, netdev, linux-kernel, taesoo, csong84, Kangjie Lu
link_info.str is a char array of size 60. Memory after the NULL
byte is not initialized. Sending the whole object out can cause
a leak.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
---
net/tipc/netlink_compat.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index f795b1d..115aafa 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -604,6 +604,7 @@ static int tipc_nl_compat_link_dump(struct tipc_nl_compat_msg *msg,
link_info.dest = nla_get_flag(link[TIPC_NLA_LINK_DEST]);
link_info.up = htonl(nla_get_flag(link[TIPC_NLA_LINK_UP]));
+ memset((void *)link_info.str, 0, TIPC_MAX_LINK_NAME);
strcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME]));
return tipc_add_tlv(msg->rep, TIPC_TLV_LINK_INFO,
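Review bot: On the added memset() line, the (void *) cast is unnecessary, and the length is safer written as sizeof(link_info.str) so it stays tied to the field rather than to a separate constant. Since the commit message says the whole object is sent, it is also worth confirming above this hunk that link_info is zeroed as a whole, otherwise padding or other unset members still go out with the reply.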
--
2.7.4