Re: nd6_rtr.c possible buffer overflow ?

To: tech-net%netbsd.org@localhost
Subject: Re: nd6_rtr.c possible buffer overflow ?
From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost>
Date: Thu, 3 Oct 2013 18:38:49 +0200

On Thu, Oct 03, 2013 at 08:58:17AM -0700, Loganaden Velvindron wrote:
> Assuming that if_name(ifp) is the maximum size, wouldn't that possibly lead to
> an unterminated string.

Maximum size includes the \0?

> In such a case, wouldn't strlcpy be better ?

Not for the given reason, but it would be slightly less awful in terms
of performance as ifra is already zero initialised before. If changing
it, it should still get an explicit comment about that as we don't want
to leak content of the kernel stack.

Joerg

References:
- nd6_rtr.c possible buffer overflow ?
  - From: Loganaden Velvindron

Prev by Date: nd6_rtr.c possible buffer overflow ?
Next by Date: ip6_output.c function returned value not checked
Previous by Thread: nd6_rtr.c possible buffer overflow ?
Next by Thread: ip6_output.c function returned value not checked
Indexes:

Home | Main Index | Thread Index | Old Index