| Message ID | 1351694571-26369-1-git-send-email-nikolay@redhat.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
From: Nikolay Aleksandrov <nikolay@redhat.com> Date: Wed, 31 Oct 2012 15:42:51 +0100 > Fix off-by-one error because IFNAMSIZ == 16 and when this > code gets executed we stick a NULL byte where we should not. > > How to reproduce: > with CONFIG_CC_STACKPROTECTOR=y (otherwise it may pass by silently) > modprobe bonding; echo 1 > /sys/class/net/bond0/bonding/mode; > echo "AAAAAAAAAAAAAAAA" > /sys/class/net/bond0/bonding/primary; > > Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> I've applied both of your patches, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c index dc15d24..238d9b3 100644 --- a/drivers/net/bonding/bond_sysfs.c +++ b/drivers/net/bonding/bond_sysfs.c @@ -1060,7 +1060,7 @@ static ssize_t bonding_store_primary(struct device *d, goto out; } - sscanf(buf, "%16s", ifname); /* IFNAMSIZ */ + sscanf(buf, "%15s", ifname); /* IFNAMSIZ */ /* check to see if we are clearing primary */ if (!strlen(ifname) || buf[0] == '\n') {
Fix off-by-one error because IFNAMSIZ == 16 and when this code gets executed we stick a NULL byte where we should not. How to reproduce: with CONFIG_CC_STACKPROTECTOR=y (otherwise it may pass by silently) modprobe bonding; echo 1 > /sys/class/net/bond0/bonding/mode; echo "AAAAAAAAAAAAAAAA" > /sys/class/net/bond0/bonding/primary; Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> --- drivers/net/bonding/bond_sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)