openharmony/third_party_libnl
1
0
Fork 0
mirror of https://gitee.com/openharmony/third_party_libnl synced 2025-02-25 22:07:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

xfrm: check length of alg_name before strcpying it

Browse Source 
If the parameter alg_name points to a string longer then what libnl
accepts as alg_name, the call to strcpy may write far beyond the
particular data structure.
Instead of truncating the string (using strncpy) this patch adds a check
and returns -1 for strings being longer than 63 bytes.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Signed-off-by: Thomas Haller <thaller@redhat.com>

Fixes: 917154470895520a77f527343f3a0cc1605934b0

http://lists.infradead.org/pipermail/libnl/2016-May/002133.html
This commit is contained in:
Thomas Egerer 2016-05-31 17:30:03 +02:00 committed by Thomas Haller
parent 6e37f6f981
commit bd3791dcf3
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/xfrm/sa.c
View File

@ -1635,7 +1635,7 @@ int xfrmnl_sa_set_aead_params (struct xfrmnl_sa* sa, char* alg_name, unsigned in
/* Free up the old key and allocate memory to hold new key */
if (sa->aead)
free (sa->aead);
if ((sa->aead = calloc (1, newlen)) == NULL)
if (strlen (alg_name) >= sizeof (sa->aead->alg_name) || (sa->aead = calloc (1, newlen)) == NULL)
return -1;
/* Save the new info */
@ -1672,7 +1672,7 @@ int xfrmnl_sa_set_auth_params (struct xfrmnl_sa* sa, char* alg_name, unsigned in
/* Free up the old auth data and allocate new one */
if (sa->auth)
free (sa->auth);
if ((sa->auth = calloc (1, newlen)) == NULL)
if (strlen (alg_name) >= sizeof (sa->auth->alg_name) || (sa->auth = calloc (1, newlen)) == NULL)
return -1;
/* Save the new info */
@ -1708,7 +1708,7 @@ int xfrmnl_sa_set_crypto_params (struct xfrmnl_sa* sa, char* alg_name, unsigned
/* Free up the old crypto and allocate new one */
if (sa->crypt)
free (sa->crypt);
if ((sa->crypt = calloc (1, newlen)) == NULL)
if (strlen (alg_name) >= sizeof (sa->crypt->alg_name) || (sa->crypt = calloc (1, newlen)) == NULL)
return -1;
/* Save the new info */
@ -1743,7 +1743,7 @@ int xfrmnl_sa_set_comp_params (struct xfrmnl_sa* sa, char* alg_name, unsigned in
/* Free up the old compression algo params and allocate new one */
if (sa->comp)
free (sa->comp);
if ((sa->comp = calloc (1, newlen)) == NULL)
if (strlen (alg_name) >= sizeof (sa->comp->alg_name) || (sa->comp = calloc (1, newlen)) == NULL)
return -1;
/* Save the new info */