Re: [PATCH] Remove hardcoded static string length

From: Kenny Ho
Date: Wed May 24 2023 - 14:01:42 EST

Next message: Dave Hansen: "Re: [EXTERNAL] Re: [PATCH 1/2] x86/Kconfig: Allow CONFIG_X86_MPPARSE disable for OF platforms"
Previous message: Luis Chamberlain: "Re: [linux-next:master] [sysctl] 7eec88986d: sysctl_table_check_failed"
In reply to: Andrew Lunn: "Re: [PATCH] Remove hardcoded static string length"
Next in thread: David Laight: "RE: [PATCH] Remove hardcoded static string length"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 24, 2023 at 1:43 PM Andrew Lunn <andrew@xxxxxxx> wrote:
>
> The other end of the socket should not blow up, because that would be
> an obvious DOS or buffer overwrite attack vector. So you need to
> decide, do you want to expose such issues and see if anything does
> actually blow up, or do you want to do a bit more work and correctly
> terminate the string when capped?

Right... I guess it's not clear to me that existing implementations
null-terminate correctly when UTS_RELEASE causes the string to exceed
the 65 byte size of rxrpc_version_string. We can of course do better,
but I hesitate to do strncpy because I am not familiar with this code
base enough to tell if this function is part of some hot path where
strncpy matters.

Regards,
Kenny

Next message: Dave Hansen: "Re: [EXTERNAL] Re: [PATCH 1/2] x86/Kconfig: Allow CONFIG_X86_MPPARSE disable for OF platforms"
Previous message: Luis Chamberlain: "Re: [linux-next:master] [sysctl] 7eec88986d: sysctl_table_check_failed"
In reply to: Andrew Lunn: "Re: [PATCH] Remove hardcoded static string length"
Next in thread: David Laight: "RE: [PATCH] Remove hardcoded static string length"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]