Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/net/tipc
History
Simon Horman ff9d241811 tipc: guard against string buffer overrun 
[ Upstream commit 6555a2a9212be6983d2319d65276484f7c5f431a ]

Smatch reports that copying media_name and if_name to name_parts may
overwrite the destination.

 .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16)
 .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16)

This does seem to be the case so guard against this possibility by using
strscpy() and failing if truncation occurs.

Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge")

Compile tested only.

Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20240801-tipic-overrun-v2-1-c5b869d1f074@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-23 23:21:38 +01:00
..
addr.c
addr.h
bcast.c net: tipc: avoid possible garbage value 2024-11-23 23:21:19 +01:00
bcast.h
bearer.c tipc: guard against string buffer overrun 2024-11-23 23:21:38 +01:00
bearer.h
core.c
core.h
crypto.c
crypto.h
diag.c
discover.c
discover.h
eth_media.c
group.c
group.h
ib_media.c
Kconfig
link.c
link.h
Makefile
monitor.c
monitor.h
msg.c tipc: fix UAF in error path 2024-11-19 11:32:48 +01:00
msg.h
name_distr.c
name_distr.h
name_table.c
name_table.h
net.c
net.h
netlink.c
netlink.h
netlink_compat.c tipc: Fix kernel-infoleak due to uninitialized TLV value 2024-11-18 11:43:19 +01:00
node.c tipc: force a dst refcount before doing decryption 2024-11-19 14:19:08 +01:00
node.h
socket.c
socket.h
subscr.c
subscr.h
sysctl.c
topsrv.c
topsrv.h
trace.c
trace.h
udp_media.c tipc: Return non-zero value from tipc_udp_addr2str() on error 2024-11-23 23:20:17 +01:00
udp_media.h