[iproute2] ss: Fix allocation of cong control alg name

From: Vadim Kochan <vadim4j@gmail.com>

Use strdup instead of malloc, and get rid of bad strcpy.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
---
 misc/ss.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Hi Vadim,

On 05/29/2015 12:30 PM, Vadim Kochan wrote:
> From: Vadim Kochan <vadim4j@gmail.com>
>
> Use strdup instead of malloc, and get rid of bad strcpy.
>
> Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Please also Cc the reporter (done here), and add a:

Fixes: 8250bc9ff4e5 ("ss: Unify inet sockets output")
Reported-by: Jose R. Guzman Mosqueda <jose.r.guzman.mosqueda@intel.com>

Fixes tag is _very useful_ for distros to easily identify if additional
follow-up commits would be needed when backporting the original change.
Then, this can be easily identified when going through the git log.

> ---
>   misc/ss.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/misc/ss.c b/misc/ss.c
> index 347e3a1..a719466 100644
> --- a/misc/ss.c
> +++ b/misc/ss.c
> @@ -1908,8 +1908,7 @@ static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
>
>   		if (tb[INET_DIAG_CONG]) {
>   			const char *cong_attr = rta_getattr_str(tb[INET_DIAG_CONG]);
> -			s.cong_alg = malloc(strlen(cong_attr + 1));
> -			strcpy(s.cong_alg, cong_attr);
> +			s.cong_alg = strdup(cong_attr);

strdup(3) can still return NULL.

>   		}
>
>   		if (TCPI_HAS_OPT(info, TCPI_OPT_WSCALE)) {
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Hi Daniel and Vadim

Thanks for your prompt response and for the patch.

Also, what about the other one? Do you think it is an issue or not?

" File: tc/tc_util.c
Function: void print_rate(char *buf, int len, __u64 rate)
Line: ~264

In the case that user inputs a high value for rate, the "for" loop will exit in the condition meaning that variable "i" get the value of 5 which will be an invalid index for the "units" array due to that array has only 5 elements."

I know a very high value is invalid but in the case that it comes directly from user, it could cause and issue, what do you think?

Thanks,
-José R.




-----Original Message-----
From: Daniel Borkmann [mailto:daniel@iogearbox.net] 
Sent: Friday, May 29, 2015 6:10 AM
To: Vadim Kochan
Cc: netdev@vger.kernel.org; Guzman Mosqueda, Jose R
Subject: Re: [PATCH iproute2] ss: Fix allocation of cong control alg name

Hi Vadim,

On 05/29/2015 12:30 PM, Vadim Kochan wrote:
> From: Vadim Kochan <vadim4j@gmail.com>
>
> Use strdup instead of malloc, and get rid of bad strcpy.
>
> Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Please also Cc the reporter (done here), and add a:

Fixes: 8250bc9ff4e5 ("ss: Unify inet sockets output")
Reported-by: Jose R. Guzman Mosqueda <jose.r.guzman.mosqueda@intel.com>

Fixes tag is _very useful_ for distros to easily identify if additional follow-up commits would be needed when backporting the original change.
Then, this can be easily identified when going through the git log.

> ---
>   misc/ss.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/misc/ss.c b/misc/ss.c
> index 347e3a1..a719466 100644
> --- a/misc/ss.c
> +++ b/misc/ss.c
> @@ -1908,8 +1908,7 @@ static void tcp_show_info(const struct nlmsghdr 
> *nlh, struct inet_diag_msg *r,
>
>   		if (tb[INET_DIAG_CONG]) {
>   			const char *cong_attr = rta_getattr_str(tb[INET_DIAG_CONG]);
> -			s.cong_alg = malloc(strlen(cong_attr + 1));
> -			strcpy(s.cong_alg, cong_attr);
> +			s.cong_alg = strdup(cong_attr);

strdup(3) can still return NULL.

>   		}
>
>   		if (TCPI_HAS_OPT(info, TCPI_OPT_WSCALE)) {
>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html