netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [patch] isdn: avoid copying too long drvid
@ 2011-11-23  6:43 Dan Carpenter
  2011-11-24 12:42 ` [patch v2] " Dan Carpenter
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2011-11-23  6:43 UTC (permalink / raw)
  To: Karsten Keil
  Cc: David S. Miller, Lucas De Marchi, Neil Horman, netdev,
	kernel-janitors

"cfg->drvid" comes from the user so there is a possibility they
didn't NUL terminate properly.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
index 1f73d7f..487d214 100644
--- a/drivers/isdn/i4l/isdn_net.c
+++ b/drivers/isdn/i4l/isdn_net.c
@@ -2756,6 +2756,8 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg)
 			char *c,
 			*e;
 
+			if (strlen(cfg->drvid) >= sizeof(drvid))
+				return -EINVAL;
 			drvidx = -1;
 			chidx = -1;
 			strcpy(drvid, cfg->drvid);

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [patch v2] isdn: avoid copying too long drvid
  2011-11-23  6:43 [patch] isdn: avoid copying too long drvid Dan Carpenter
@ 2011-11-24 12:42 ` Dan Carpenter
  2011-11-29 23:40   ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2011-11-24 12:42 UTC (permalink / raw)
  To: Karsten Keil
  Cc: David S. Miller, Lucas De Marchi, Neil Horman, netdev,
	kernel-janitors

[-- Attachment #1: Type: text/plain, Size: 638 bytes --]

"cfg->drvid" comes from the user so there is a possibility they
didn't NUL terminate it properly.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
v2: use strnlen() instead of strlen().

diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
index 1f73d7f..2339d73 100644
--- a/drivers/isdn/i4l/isdn_net.c
+++ b/drivers/isdn/i4l/isdn_net.c
@@ -2756,6 +2756,9 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg)
 			char *c,
 			*e;
 
+			if (strnlen(cfg->drvid, sizeof(cfg->drvid)) ==
+					sizeof(cfg->drvid))
+				return -EINVAL;
 			drvidx = -1;
 			chidx = -1;
 			strcpy(drvid, cfg->drvid);

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [patch v2] isdn: avoid copying too long drvid
  2011-11-24 12:42 ` [patch v2] " Dan Carpenter
@ 2011-11-29 23:40   ` David Miller
  0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2011-11-29 23:40 UTC (permalink / raw)
  To: dan.carpenter; +Cc: isdn, lucas.demarchi, nhorman, netdev, kernel-janitors

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Thu, 24 Nov 2011 15:42:09 +0300

> "cfg->drvid" comes from the user so there is a possibility they
> didn't NUL terminate it properly.
> 
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> v2: use strnlen() instead of strlen().

Applied.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-11-29 23:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-23  6:43 [patch] isdn: avoid copying too long drvid Dan Carpenter
2011-11-24 12:42 ` [patch v2] " Dan Carpenter
2011-11-29 23:40   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).