https://github.com/torvalds/linux
Revision e3b802ba885b54f4050164c3cfd9e0ba9c73173a authored by Patrick McHardy on 08 September 2008, 01:21:24 UTC, committed by David S. Miller on 08 September 2008, 01:21:24 UTC
Alexey Dobriyan points out:

1. simple_strtoul() silently accepts all characters for given base even
   if result won't fit into unsigned long. This is amazing stupidity in
   itself, but

2. nf_conntrack_irc helper use simple_strtoul() for DCC request parsing.
   Data first copied into 64KB buffer, so theoretically nothing prevents
   reading past the end of it, since data comes from network given 1).

This is not actually a problem currently since we're guaranteed to have
a 0 byte in skb_shared_info or in the buffer the data is copied to, but
to make this more robust, make sure the string is actually terminated.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 51807e9
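The failure mode the commit message describes, as an added userspace example (not code from this commit or from the kernel): a digit parser with no length bound and no overflow check keeps reading until it meets a non-digit, so an unterminated payload lets it run into adjacent memory. `model_strtoul`, `consumed`, and the buffer sizes are hypothetical names and constructed values; the backing array is deliberately larger than the payload so the over-read stays inside one object.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_LEN 8   /* constructed: bytes that really came from the network */
#define BACKING_LEN 32  /* constructed: payload plus whatever memory follows it */

/* Hypothetical model of the described behaviour: consume every decimal
 * digit, never check the length, never detect overflow. */
static unsigned long model_strtoul(const char *cp, const char **endp)
{
    unsigned long result = 0;

    while (isdigit((unsigned char)*cp))
        result = result * 10 + (unsigned long)(*cp++ - '0'); /* wraps silently */
    *endp = cp;
    return result;
}

/* Returns how many bytes the parser consumed from an 8-byte payload.
 * terminate != 0 writes a 0 byte at the payload limit before parsing. */
size_t consumed(int terminate)
{
    char backing[BACKING_LEN];
    const char *end;

    memset(backing, '7', BACKING_LEN - 1);  /* adjacent memory also looks like digits */
    backing[BACKING_LEN - 1] = '\0';        /* the 0 byte that merely happens to exist */
    if (terminate)
        backing[PAYLOAD_LEN] = '\0';        /* explicit terminator at the data limit */
    model_strtoul(backing, &end);
    return (size_t)(end - backing);
}

int main(void)
{
    printf("unterminated: %zu bytes consumed\n", consumed(0));
    printf("terminated:   %zu bytes consumed\n", consumed(1));
    return 0;
}
```

Without the explicit terminator the parser only stops at whichever 0 byte happens to follow the data, which is the reliance the commit message wants to remove.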
netfilter: nf_conntrack_irc: make sure string is terminated before calling simple_strtoul
File Mode Size
Documentation
arch
block
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
usr
virt
.gitignore -rw-r--r-- 867 bytes
.mailmap -rw-r--r-- 3.6 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 90.7 KB
Kbuild -rw-r--r-- 2.4 KB
MAINTAINERS -rw-r--r-- 99.7 KB
Makefile -rw-r--r-- 55.4 KB
README -rw-r--r-- 16.5 KB
REPORTING-BUGS -rw-r--r-- 3.1 KB
