Re: [Bugme-new] [Bug 14546] New: Off-by-two stack buffer overflow in function rpc_uaddr2sockaddr() of net/sunrpc/addr.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2009-11-11 Fabio Olive Leite wrote:
On 2009-11-11 Patroklos Argyroudis wrote:
There is no need to increase the size of the buffer since the new
check (if (uaddr_len > sizeof(buf) - 2)) will terminate the function
in case the valid universal address is RPCBIND_MAXUADDRLEN bytes.
On a second note, why is '\n' needed there? You should only need '\0', as a '\n'
at the end is not required by any of the string functions used to convert the address. I believe you could go with buf[RPCBIND_MAXUADDRLEN+1] for the extra NUL only.
AFAICT, strict_strtoul() requires the '\n\0' termination.

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux