Re: [PATCH v2] dns_resolver: assure that dns_query() result is null-terminated
From: Sergei Shtylyov
Date: Sat Jun 07 2014 - 17:58:28 EST
On 06/08/2014 01:42 AM, David Rientjes wrote:
dns_query() credulously assumes that keys are null-terminated and
returns a copy of a memory block that is off by one.
No sign-off? Please read Documentation/SubmittingPatches.
---
net/dns_resolver/dns_query.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index e7b6d53..84871a2 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, size_t namelen,
len = upayload->datalen;
ret = -ENOMEM;
- *_result = kmalloc(len + 1, GFP_KERNEL);
+ *_result = kzalloc(len + 1, GFP_KERNEL);
if (!*_result)
goto put;
- memcpy(*_result, upayload->data, len + 1);
+ memcpy(*_result, upayload->data, len);
if (_expiry)
*_expiry = rkey->expiry;
kzalloc() would be unnecessary overhead (zeroing definitely comes with a
cost) if you're going to copy to the memory immediately afterwards. Just
leave the kmalloc(), do the memcpy() and explicitly zero terminate it
_result.
You can also replace kmalloc()/memcpy() with kmemdup().
WBR, Sergei
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/