Re: [Linuxptp-devel] [PATCH] port: fix buffer overflow in net_sync_resp_append()

2018-04-06 Thread Richard Cochran
On Fri, Apr 06, 2018 at 05:13:11PM +0200, Miroslav Lichvar wrote:
> That's definitely better. Will you fix the patch, or would you like me
> to send v2?

I'll fix it.

Thanks,
Richard

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel


Re: [Linuxptp-devel] [PATCH] port: fix buffer overflow in net_sync_resp_append()

2018-04-06 Thread Richard Cochran
On Fri, Apr 06, 2018 at 12:30:08PM +0200, Miroslav Lichvar wrote:
> The PortAddress structure has no space for the actual address and should
> be used only as a pointer to a larger buffer.

Oh man, Sloppy!  Time for 1.9.2.  
 
> @@ -403,32 +403,34 @@ static int net_sync_resp_append(struct port *p, struct 
> ptp_message *m)
>   struct port *best = clock_best_port(p->clock);
>   struct nsm_resp_tlv_head *head;
>   struct Timestamp last_sync;
> - struct PortAddress paddr;
> + struct PortAddress *paddr;
>   struct ptp_message *tmp;
>   struct tlv_extra *extra;
>   unsigned char *ptr;
> + char buf[sizeof(*paddr) + 16];
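
Review bot: the literal 16 in `char buf[sizeof(*paddr) + 16]` is an undocumented bound on the address length; derive it from a named constant or a type size so the limit is visible. Whatever code copies the address into the buffer (not shown in this hunk) should check the length against that same bound. Since `buf` is a plain char array that is evidently meant to be accessed through the new `struct PortAddress *paddr`, also confirm the struct's alignment requirement is satisfied or declare the buffer with suitable alignment.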

Sure, 16 is large enough for a 128 bit ipv6 address, but I'd like this
to be explicit.

char buf[sizeof(*paddr) + sizeof(struct sockaddr_storage)];

How about this?

Thanks,
Richard
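
An added illustration of the pattern discussed in this message (example code, not taken from linuxptp or from the patch): a header-only struct with a flexible array member, placed in an explicitly sized backing buffer and filled through a length-checked copy. The names demo_port_address, demo_paddr_buf, demo_paddr_set and DEMO_ADDR_MAX are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-in for a header-only address struct: the flexible
 * array member adds no storage, so sizeof() covers only the two fields. */
struct demo_port_address {
	uint16_t network_protocol;
	uint16_t address_length;
	uint8_t address[];
};

/* Largest address accepted, stated explicitly rather than as a bare 16. */
#define DEMO_ADDR_MAX sizeof(struct sockaddr_storage)

/* Backing store: the union gives the header correct alignment and
 * reserves room for the address bytes that follow it. */
union demo_paddr_buf {
	struct demo_port_address hdr;
	unsigned char raw[sizeof(struct demo_port_address) + DEMO_ADDR_MAX];
};

/* Copy an address behind the header. Returns the number of bytes used,
 * or -1 when the address would not fit in the reserved space. */
int demo_paddr_set(union demo_paddr_buf *buf, uint16_t proto,
		   const void *addr, size_t len)
{
	if (len > DEMO_ADDR_MAX)
		return -1;
	buf->hdr.network_protocol = proto;
	buf->hdr.address_length = (uint16_t)len;
	memcpy(buf->hdr.address, addr, len);
	return (int)(sizeof(buf->hdr) + len);
}

int main(void)
{
	union demo_paddr_buf buf;
	unsigned char v6[16] = { 0 };	/* constructed sample address */

	printf("header only: %zu bytes, buffer: %zu bytes\n",
	       sizeof(struct demo_port_address), sizeof(buf));
	printf("16-byte address uses %d bytes\n",
	       demo_paddr_set(&buf, 2, v6, sizeof(v6)));
	return 0;
}
```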
