[PATCH v1 1/1] mac_pton: Don't access memory over expected length

From: Andy Shevchenko
Date: Wed Oct 05 2022 - 12:42:55 EST

Next message: Nick Chan: "Re: [PATCH v3 2/2] irqchip/apple-aic: Add support for A7-A11 SoCs"
Previous message: Jeff Layton: "Re: [PATCH v6 8/9] vfs: update times after copying data in __generic_file_write_iter"
Next in thread: Jakub Kicinski: "Re: [PATCH v1 1/1] mac_pton: Don't access memory over expected length"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The strlen() may go too far when estimating the length of
the given string. In some cases it may go over the boundary
and crash the system which is the case according to the commit
13a55372b64e ("ARM: orion5x: Revert commit 4904dbda41c8.").

Rectify this by switching to strnlen() for the expected
maximum length of the string.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
---
lib/net_utils.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/net_utils.c b/lib/net_utils.c
index af525353395d..c17201df3d08 100644
--- a/lib/net_utils.c
+++ b/lib/net_utils.c
@@ -6,10 +6,11 @@

bool mac_pton(const char *s, u8 *mac)
{
+ size_t maxlen = 3 * ETH_ALEN - 1;
int i;

/* XX:XX:XX:XX:XX:XX */
- if (strlen(s) < 3 * ETH_ALEN - 1)
+ if (strnlen(s, maxlen) < maxlen)
return false;

/* Don't dirty result unless string is valid MAC. */
--
2.35.1

Next message: Nick Chan: "Re: [PATCH v3 2/2] irqchip/apple-aic: Add support for A7-A11 SoCs"
Previous message: Jeff Layton: "Re: [PATCH v6 8/9] vfs: update times after copying data in __generic_file_write_iter"
Next in thread: Jakub Kicinski: "Re: [PATCH v1 1/1] mac_pton: Don't access memory over expected length"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]