Re: [PATCH net v2] net/x25: prevent a couple of overflows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 02 Dec 2020 10:27:18 +0100 Martin Schiller wrote:
> On 2020-12-01 16:15, Dan Carpenter wrote:
> > The .x25_addr[] address comes from the user and is not necessarily
> > NUL terminated.  This leads to a couple problems.  The first problem is
> > that the strlen() in x25_bind() can read beyond the end of the buffer.
> > 
> > The second problem is more subtle and could result in memory 
> > corruption.
> > The call tree is:
> >   x25_connect()  
> >   --> x25_write_internal()
> >       --> x25_addr_aton()  
> > 
> > The .x25_addr[] buffers are copied to the "addresses" buffer from
> > x25_write_internal() so it will lead to stack corruption.
> > 
> > Verify that the strings are NUL terminated and return -EINVAL if they
> > are not.
> > 
> > Reported-by: "kiyin(尹亮)" <kiyin@xxxxxxxxxxx>
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> 
> Acked-by: Martin Schiller <ms@xxxxxxxxxx>

Applied, thanks!




[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux