Re: [Dnsmasq-discuss] Announce: dnsmasq-2.69

2014-04-09 Thread Dave Reisner
On Wed, Apr 09, 2014 at 09:36:08PM +0100, Simon Kelley wrote:
> On 09/04/14 21:32, Dave Reisner wrote:
> > On Wed, Apr 09, 2014 at 09:13:33PM +0100, Simon Kelley wrote:
> >> Dnsmasq-2.69 is here.
> >>
> >> http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.69.tar.gz
> >>
> >> and (new) a signature
> >>
> >> http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.69.tar.gz.sign
> >>
> > 
> > Hi Simon,
> > 
> > Thanks for providing GPG signatures for the source tarballs. Could I ask
> > why you've chosen this particular extension? 
> 
> Ignorance, plain and simple. I'm new to this stuff, and not familiar
> with the conventions.
> 
> > GPG normally expects .asc
> > (ascii armored) or .sig (raw binary) extensions so this is somewhat
> > unexpected. Verification still works, but it's not documented anywhere
> > in gpg's manpage as an expected extension. To complicate matters
> > somewhat more, kernel.org uses .sign as an extension but treats the
> > situation differently -- they provide a single .sign file but multiple
> > compression formats for the source tarballs. The signature validates
> > against the decompressed tarball. This doesn't seem to be the case here,
> > as the .sign validates against the gzip tarball.
> > 
> > I humbly ask that you use .asc for the signature.
> > 
> Sounds sensible, I'll change it now, before any dependencies form on my
> initial setup.

Great! Thanks for the quick turnaround!

> 
> 
> Cheers,
> 
> 
> Simon.
> 
> 
> 

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] [PATCH] Error: SECURE_CODING

2013-04-23 Thread Dave Reisner
On Tue, Apr 23, 2013 at 03:55:11PM +0200, Tomas Hozza wrote:
> Coverity output:
> dnsmasq-2.66/src/ipset.c:173: secure_coding: [VERY RISKY]. Using
> "strcpy" can cause a buffer overflow when done incorrectly.  If the
> destination string of a strcpy() is not large enough then anything might
> happen. Use strncpy() instead.
> 
> I checked the code path and the length is never checked so there
> should be strncpy used.

But it *is* checked. Just above the chunk that your patch references is
the line:

  if (strlen(setname) >= sizeof(req_adt_get.set.name))

There's an off by one error here, but it's not as bad as Coverity
claims. On the other hand, one might point out that if we're taking the
length of setname here, you might as well optimize and use memcpy
instead of strncpy.

> Signed-off-by: Tomas Hozza 
> ---
>  src/ipset.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/src/ipset.c b/src/ipset.c
> index f175fa4..fa262d5 100644
> --- a/src/ipset.c
> +++ b/src/ipset.c
> @@ -170,7 +170,8 @@ static int old_add_to_ipset(const char *setname, const 
> struct all_addr *ipaddr,
>
>req_adt_get.op = 0x10;
>req_adt_get.version = 3;
> -  strcpy(req_adt_get.set.name, setname);
> +  strncpy(req_adt_get.set.name, setname, IPSET_MAXNAMELEN - 1);
> +  req_adt_get.set.name[IPSET_MAXNAMELEN - 1] = '\0';
>size = sizeof(req_adt_get);
>if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
>  return -1;
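
Review bot: the added strncpy line bounds the copy with IPSET_MAXNAMELEN - 1 while the destination is req_adt_get.set.name; using sizeof(req_adt_get.set.name) - 1 for both the bound and the terminator index would tie them to the field itself rather than to a constant defined elsewhere. Truncation also means an over-long setname is silently shortened, so the getsockopt call that follows would ask about a different set name. A length check that rejects the name (the reply above quotes one from just above this hunk) is preferable to truncating it.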
> -- 
> 1.8.1.4
> 
> 


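The check-then-copy approach suggested in the reply above (measure the name once, reject it if it does not fit, then memcpy), shown next to the truncating strncpy form from the patch. This is an added example, not code from dnsmasq or from the thread; `struct set_req`, `SET_NAME_MAX` and both function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for this sketch; the real value comes from the ipset headers. */
#define SET_NAME_MAX 32

/* Hypothetical stand-in for the name field of the request structure. */
struct set_req {
    char name[SET_NAME_MAX];
};

/*
 * Reject-then-copy: refuse the name if the string plus its terminating NUL
 * does not fit, otherwise memcpy exactly len + 1 bytes.
 * Returns 0 on success, -1 if the name is too long (nothing is written).
 */
static int set_name_checked(struct set_req *req, const char *setname)
{
    size_t len = strlen(setname);

    if (len >= sizeof(req->name))
        return -1;
    memcpy(req->name, setname, len + 1);
    return 0;
}

/*
 * Truncating copy in the style of the patch: never fails, but an over-long
 * name is silently cut, so the request would name a different set.
 */
static void set_name_truncating(struct set_req *req, const char *setname)
{
    strncpy(req->name, setname, sizeof(req->name) - 1);
    req->name[sizeof(req->name) - 1] = '\0';
}

int main(void)
{
    struct set_req req;
    /* Constructed sample name, longer than the field. */
    const char *too_long = "blocklist-ipv4-with-a-very-long-suffix-x";

    printf("checked copy returns %d\n", set_name_checked(&req, too_long));
    set_name_truncating(&req, too_long);
    printf("truncating copy stores \"%s\"\n", req.name);
    return 0;
}
```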

[Dnsmasq-discuss] [PATCH] ipset: fix incorrect length passed to memset

2013-04-17 Thread Dave Reisner
Exposed by a gcc compiler warning:

ipset.c:113:27: warning: argument to 'sizeof' in 'memset' call is the
same expression as the destination; did you mean to provide an explicit
length? [-Wsizeof-pointer-memaccess]
   memset(buffer, 0, sizeof(buffer));
---
 src/ipset.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ipset.c b/src/ipset.c
index a34ed96..f175fa4 100644
--- a/src/ipset.c
+++ b/src/ipset.c
@@ -110,7 +110,7 @@ static int new_add_to_ipset(const char *setname, const 
struct all_addr *ipaddr,
   return -1;
 }
   
-  memset(buffer, 0, sizeof(buffer));
+  memset(buffer, 0, BUFF_SZ);
 
   nlh = (struct nlmsghdr *)buffer;
   nlh->nlmsg_len = NL_ALIGN(sizeof(struct nlmsghdr));
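
Review bot: memset(buffer, 0, BUFF_SZ) is only correct if buffer points at an allocation of at least BUFF_SZ bytes, and that allocation is not visible in this hunk. Worth confirming both use the same constant, or keeping the allocated size in one local variable that is passed to the allocation and to the memset so the two cannot drift apart.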
-- 
1.8.2.1

