Justin Stitt <justinstitt@xxxxxxxxxx> wrote: > Fixes several buffer overread bugs present in `ip_set_core.c` by using > `strscpy` over `strncpy`. > > Link: https://github.com/KSPP/linux/issues/90 > Cc: linux-hardening@xxxxxxxxxxxxxxx > Signed-off-by: Justin Stitt <justinstitt@xxxxxxxxxx> > > --- > There exists several potential buffer overread bugs here. These bugs > exist due to the fact that the destination and source strings may have > the same length which is equal to the max length `IPSET_MAXNAMELEN`. There is no truncation. Inputs are checked via nla_policy: [IPSET_ATTR_SETNAME2] = { .type = NLA_NUL_STRING, .len = IPSET_MAXNAMELEN - 1 },
