Re: [Linuxptp-devel] [PATCH] port: fix buffer overflow in net_sync_resp_append()

2018-04-06 Thread Richard Cochran
On Fri, Apr 06, 2018 at 05:13:11PM +0200, Miroslav Lichvar wrote: > That's definitely better. Will you fix the patch, or would you like me > to send v2? I'll fix it. Thanks, Richard -- Check out the vibrant tech communit

Re: [Linuxptp-devel] [PATCH] port: fix buffer overflow in net_sync_resp_append()

2018-04-06 Thread Miroslav Lichvar
On Fri, Apr 06, 2018 at 08:09:25AM -0700, Richard Cochran wrote: > On Fri, Apr 06, 2018 at 12:30:08PM +0200, Miroslav Lichvar wrote: > > + char buf[sizeof(*paddr) + 16]; > > Sure, 16 is large enough for a 128 bit ipv6 address, but I'd like this > to be explicit. > > char buf[sizeof(*paddr

Re: [Linuxptp-devel] [PATCH] port: fix buffer overflow in net_sync_resp_append()

2018-04-06 Thread Richard Cochran
On Fri, Apr 06, 2018 at 12:30:08PM +0200, Miroslav Lichvar wrote: > The PortAddress structure has no space for the actual address and should > be used only as a pointer to a larger buffer. Oh man, Sloppy! Time for 1.9.2. > @@ -403,32 +403,34 @@ static int net_sync_resp_append(struct port *p,

[Linuxptp-devel] [PATCH] port: fix buffer overflow in net_sync_resp_append()

2018-04-06 Thread Miroslav Lichvar
The PortAddress structure has no space for the actual address and should be used only as a pointer to a larger buffer. The issue was reported by gcc with enabled source fortification. Signed-off-by: Miroslav Lichvar --- port.c | 28 +++- 1 file changed, 15 insertions(+),