Re: [PATCH v2] dns_resolver: assure that dns_query() result is null-terminated

From: Manuel Schoelling
Date: Sat Jun 07 2014 - 17:53:42 EST


On Sa, 2014-06-07 at 14:42 -0700, David Rientjes wrote:
> On Sat, 7 Jun 2014, Manuel Schölling wrote:
>
> > dns_query() credulously assumes that keys are null-terminated and
> > returns a copy of a memory block that is off by one.
>
> No sign-off? Please read Documentation/SubmittingPatches.
It's just not my day today.
Sorry, I forgot about the sign-off.

> > ---
> > net/dns_resolver/dns_query.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
> > index e7b6d53..84871a2 100644
> > --- a/net/dns_resolver/dns_query.c
> > +++ b/net/dns_resolver/dns_query.c
> > @@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, size_t namelen,
> > len = upayload->datalen;
> >
> > ret = -ENOMEM;
> > - *_result = kmalloc(len + 1, GFP_KERNEL);
> > + *_result = kzalloc(len + 1, GFP_KERNEL);
> > if (!*_result)
> > goto put;
> >
> > - memcpy(*_result, upayload->data, len + 1);
> > + memcpy(*_result, upayload->data, len);
> > if (_expiry)
> > *_expiry = rkey->expiry;
> >
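Review bot: the essential part of this hunk is the memcpy() length going from len + 1 to len; with a key payload that is not NUL-terminated, the old call read one byte past upayload->data. The kmalloc() to kzalloc() change on the line above only supplies the terminator as a side effect of clearing the whole len + 1 allocation, all but one byte of which the memcpy() overwrites immediately. Keeping kmalloc() and adding `(*_result)[len] = '\0';` after the memcpy() gives the same guarantee for the cost of a single store, and a Signed-off-by line is still missing from the patch.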
>
> kzalloc() would be unnecessary overhead (zeroing definitely comes with a
> cost) if you're going to copy to the memory immediately afterwards. Just
> leave the kmalloc(), do the memcpy() and explicitly zero terminate it
> _result.

Using kzalloc() was suggested by a developer on IRC (#kernelnewbies), but
if you prefer kmalloc(), that's ok, too.
I'll send you a corrected patch in a second.
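The bounded-copy-plus-explicit-terminator approach David describes, as an added user-space model that is not the kernel's dns_query() code: malloc()/free() stand in for kmalloc()/kfree(), `struct payload` and `copy_result()` are hypothetical stand-ins for the key payload and the copy in dns_query(), and the sample answer bytes are constructed. The old memcpy() of len + 1 bytes is deliberately not modelled, since on a payload without a trailing NUL it reads past the end of the data.

```c
/* User-space model of the result copy discussed in the thread.
 * Added example, not kernel code: malloc()/free() replace kmalloc()/kfree(),
 * and struct payload replaces upayload->data / upayload->datalen. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct payload {
    const char *data;   /* key data, NOT guaranteed to be NUL-terminated */
    size_t datalen;     /* number of valid bytes in data */
};

/* Copy exactly datalen bytes and terminate explicitly, so the result is a
 * valid C string whether or not the payload carried its own terminator.
 * Returns 0 on success, -ENOMEM on allocation failure (kernel convention). */
int copy_result(const struct payload *p, char **result)
{
    size_t len = p->datalen;
    char *buf = malloc(len + 1);          /* one extra byte for the terminator */
    if (!buf)
        return -ENOMEM;
    memcpy(buf, p->data, len);            /* never read beyond datalen */
    buf[len] = '\0';                      /* explicit termination; no full-buffer zeroing needed */
    *result = buf;
    return 0;
}

/* Check that a result ends exactly at datalen and matches the payload bytes. */
int result_is_sane(const char *result, const struct payload *p)
{
    return strlen(result) == p->datalen &&
           memcmp(result, p->data, p->datalen) == 0;
}

/* Constructed payload with no trailing NUL: the address 192.0.2.1 from the
 * RFC 5737 documentation range, stored as 9 raw bytes. */
static const char raw_answer[] = { '1', '9', '2', '.', '0', '.', '2', '.', '1' };
static const struct payload sample = { raw_answer, sizeof raw_answer };

int main(void)
{
    char *res = NULL;
    int ret = copy_result(&sample, &res);

    if (ret)
        return 1;
    printf("%s (len %zu, sane: %s)\n", res, strlen(res),
           result_is_sane(res, &sample) ? "yes" : "no");
    free(res);
    return 0;
}
```

The point of `result_is_sane()` is that the only thing guaranteeing the terminator is the explicit store at `buf[len]`; the payload itself contributes none.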

