From: Cyril Hrubis <chrubis@suse.cz>
To: Martin Doucha <mdoucha@suse.cz>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH] syscalls/msgstress01: Fix off by one in array access
Date: Fri, 24 May 2024 13:59:35 +0200
Message-ID: <ZlCBJxGNtVn-EUi8@yuki>
In-Reply-To: <d0c6c233-df1a-45bd-a506-19cc9573ec21@suse.cz>
Hi!
> Then you should validate the received length against the send buffer.
> Without any validation of the received length, there's a possibility of
> buffer overflow.
That is actually being done, we compare the received length against the
original buffer in:
...
	if (msg_recv.data.len != buff->msg.data.len) {
		tst_res(TFAIL, "Received the wrong message data length");
...
The buff->msg.data.len is the original buffer passed to the msgsnd() so
we make sure that the length fits the buffer.
We also clear the buffer before each call, so a partial message would fail
the test because the comparison of bytes would fail, which is not ideal,
but again I do not want to further change the test, because there is
much more to fix...
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
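
The check discussed in the message above, as an added example that is not part of the original e-mail or of the LTP source. The struct layout, DATA_MAX, the enum and check_received() are hypothetical names; the explicit bound on the sent length is an assumption added here to make the "sent length fits the buffer" precondition visible.

```c
#include <stdio.h>
#include <string.h>

#define DATA_MAX 64	/* assumed payload capacity, not the LTP value */

/* Hypothetical layout modelled on the data.len field quoted above. */
struct msg_data {
	int len;
	char bytes[DATA_MAX];
};

enum check_res { MSG_OK, MSG_BAD_LEN, MSG_BAD_DATA };

/*
 * Validate a received message against the one that was sent.
 * The length is checked first, so memcmp() never runs with a
 * length that was taken only from the received message.
 */
static enum check_res check_received(const struct msg_data *sent,
				     const struct msg_data *rcvd)
{
	/* Precondition: the sent length itself fits the buffer. */
	if (sent->len < 0 || sent->len > DATA_MAX)
		return MSG_BAD_LEN;

	/* Equal lengths imply the received length fits as well. */
	if (rcvd->len != sent->len)
		return MSG_BAD_LEN;

	/* A partial message in a cleared buffer fails here. */
	if (memcmp(rcvd->bytes, sent->bytes, (size_t)sent->len))
		return MSG_BAD_DATA;

	return MSG_OK;
}

int main(void)
{
	struct msg_data sent = { .len = 5, .bytes = "hello" };
	struct msg_data rcvd;

	memset(&rcvd, 0, sizeof(rcvd));	/* cleared before each receive */
	rcvd.len = 5;
	memcpy(rcvd.bytes, "hel", 3);	/* constructed partial message */

	printf("partial message -> %d\n", check_received(&sent, &rcvd));
	return 0;
}
```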