Re: [nft PATCH 1/4] evaluate: Fix datalen checks in expr_evaluate_string()

On Fri, Aug 12, 2016 at 06:00:07PM +0200, Phil Sutter wrote:
> This part of the code is pretty weird due to suboptimal variable name
> choice: 'data', 'len', 'datalen', 'data_len'.
> 
> But even without understanding all of it, the code checking 'datalen - 1
> >= 0' assumes 'datalen - 1' may actually become negative, which is not
> true since it is unsigned. So make 'datalen' a signed integer instead.
> 
> Another issue is the check for "data[datalen] != '*'" which will access
> unallocated memory if 'strlen(data) == 0'. So make sure 'datalen >= 0'
> before using it as array index.

We don't allow empty strings from our flex scanner as string, so we
assume the string is at least 1.

You can probably add an assert() here instead.
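
The wrap-around discussed above, as an added example that is not code from nft or from either message in this thread. It assumes the index is computed as `strlen(data) - 1` and that a backslash before the trailing `*` marks an escaped asterisk; all function and enum names are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the index is derived as strlen(data) - 1, as the quoted
 * commit message implies. All function names here are hypothetical. */

/* Unsigned form: for "" this wraps to UINT_MAX instead of becoming -1. */
static unsigned int last_index_unsigned(const char *data)
{
	return (unsigned int)strlen(data) - 1;
}

/* Unsigned 'datalen - 1': also wraps, so 'datalen - 1 >= 0' is always true. */
static unsigned int prev_index_unsigned(unsigned int datalen)
{
	return datalen - 1;
}

/* Signed form: -1 for "", so a '>= 0' comparison is a real test. */
static int last_index_signed(const char *data)
{
	return (int)strlen(data) - 1;
}

enum wildcard { WC_NONE, WC_PREFIX, WC_ESCAPED };

/* Bounds-checked classification of a trailing '*': every index is
 * validated before it is used, so "" never causes an out-of-bounds read. */
static enum wildcard classify(const char *data)
{
	int datalen = last_index_signed(data);

	if (datalen < 0 || data[datalen] != '*')
		return WC_NONE;     /* empty string or no trailing '*' */
	if (datalen - 1 >= 0 && data[datalen - 1] == '\\')
		return WC_ESCAPED;  /* assumed: "\*" is an escaped asterisk */
	return WC_PREFIX;           /* e.g. "eth*" */
}

int main(void)
{
	printf("unsigned index for \"\": %u\n", last_index_unsigned(""));
	printf("signed index for \"\":   %d\n", last_index_signed(""));
	printf("classify(\"eth*\") = %d\n", classify("eth*"));
	return 0;
}
```

If the scanner guarantees a non-empty string, the `datalen < 0` branch can be replaced by an `assert()` on that precondition, as the reply suggests.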