* [B.A.T.M.A.N.] [PATCH] batman-adv: check proto length before accessing proto string buffer
@ 2013-04-27 8:22 Marek Lindner
From: Marek Lindner @ 2013-04-27 8:22 UTC
To: b.a.t.m.a.n; +Cc: Marek Lindner
batadv_param_set_ra() strips the trailing '\n' from the supplied
string buffer without checking the length of the buffer first. This
patch avoids random memory access and associated potential
crashes.
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
---
main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.c b/main.c
index 8a8fd00..f07dd6b 100644
--- a/main.c
+++ b/main.c
@@ -1106,7 +1106,7 @@ static int batadv_param_set_ra(const char *val, const struct kernel_param *kp)
char *algo_name = (char *)val;
size_t name_len = strlen(algo_name);
- if (algo_name[name_len - 1] == '\n')
+ if (name_len > 0 && algo_name[name_len - 1] == '\n')
algo_name[name_len - 1] = '\0';
bat_algo_ops = batadv_algo_get(algo_name);
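Review bot: On the guarded line `if (name_len > 0 && algo_name[name_len - 1] == '\n')`, the new check stops the `name_len - 1` index from wrapping when the string is empty, but an empty `val` still falls through to `batadv_algo_get(algo_name)` with a zero-length name. If an empty name is never a valid algorithm, returning an error when `name_len == 0` before the lookup would make that explicit rather than relying on the lookup to fail. Separately, `char *algo_name = (char *)val;` casts away the `const` on `val` and the following line writes `'\0'` through it; a short comment on why modifying the caller's buffer is safe here, or stripping the newline in a local copy, would make the write easier to review.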
--
1.7.10.4
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: check proto length before accessing proto string buffer
@ 2013-04-27 16:01 ` Antonio Quartulli
From: Antonio Quartulli @ 2013-04-27 16:01 UTC
To: The list for a Better Approach To Mobile Ad-hoc Networking; +Cc: Marek Lindner
On Sat, Apr 27, 2013 at 04:22:28 +0800, Marek Lindner wrote:
> batadv_param_set_ra() strips the trailing '\n' from the supplied
> string buffer without checking the length of the buffer first. This
> patch avoids random memory access and associated potential
> crashes.
>
> Reported-by: Sasha Levin <sasha.levin@oracle.com>
> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Thank you for fixing this!
Please, merge this patch in maint.
Cheers,
--
Antonio Quartulli
..each of us alone is worth nothing..
Ernesto "Che" Guevara
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: check proto length before accessing proto string buffer
@ 2013-04-29 7:06 ` Marek Lindner
From: Marek Lindner @ 2013-04-29 7:06 UTC
To: b.a.t.m.a.n; +Cc: Antonio Quartulli
On Sunday, April 28, 2013 00:01:32 Antonio Quartulli wrote:
> On Sat, Apr 27, 2013 at 04:22:28 +0800, Marek Lindner wrote:
> > batadv_param_set_ra() strips the trailing '\n' from the supplied
> > string buffer without checking the length of the buffer first. This
> > patch avoids random memory access and associated potential
> > crashes.
> >
> > Reported-by: Sasha Levin <sasha.levin@oracle.com>
> > Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
>
> Thank you for fixing this!
>
> Please, merge this patch in maint.
Applied in revision aa7d19a.
Regards,
Marek