linux-pinenote/net/sched
Dan Carpenter 0eff683f73 net/sched: potential data corruption
The reset_policy() does:
        memset(d->tcfd_defdata, 0, SIMP_MAX_DATA);
        strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);

In the original code, the size of d->tcfd_defdata wasn't fixed and if
strlen(defdata) was less than 31, reset_policy() would cause memory
corruption.

Please note: The original alloc_defdata() assumes defdata is 32
characters and a NUL terminator while reset_policy() assumes defdata is
31 characters and a NUL.  This patch updates alloc_defdata() to match
reset_policy() (i.e. a shorter string).  I'm not very familiar with this
code so please review carefully.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-07-14 17:56:37 -07:00
..
act_api.c
act_gact.c
act_ipt.c
act_mirred.c
act_nat.c act_nat: use stack variable 2010-06-30 12:12:37 -07:00
act_pedit.c
act_police.c
act_simple.c net/sched: potential data corruption 2010-07-14 17:56:37 -07:00
act_skbedit.c
cls_api.c
cls_basic.c
cls_cgroup.c
cls_flow.c
cls_fw.c
cls_route.c
cls_rsvp.c
cls_rsvp.h
cls_rsvp6.c
cls_tcindex.c
cls_u32.c
em_cmp.c
em_meta.c
em_nbyte.c
em_text.c
em_u32.c
ematch.c
Kconfig
Makefile
sch_api.c
sch_atm.c
sch_blackhole.c
sch_cbq.c
sch_drr.c
sch_dsmark.c
sch_fifo.c
sch_generic.c
sch_gred.c
sch_hfsc.c
sch_htb.c
sch_ingress.c
sch_mq.c
sch_multiq.c
sch_netem.c
sch_prio.c
sch_red.c
sch_sfq.c
sch_tbf.c
sch_teql.c