github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 15:12:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
98afe6dfde
linux/lib
History
Pablo Neira dbd3f730cf netlink: don't compare the nul-termination in nla_strcmp 
[ Upstream commit 8b7b932434 ]

nla_strcmp compares the string length plus one, so it's implicitly
including the nul-termination in the comparison.

 int nla_strcmp(const struct nlattr *nla, const char *str)
 {
        int len = strlen(str) + 1;
        ...
                d = memcmp(nla_data(nla), str, len);

However, if NLA_STRING is used, userspace can send us a string without
the nul-termination. This is a problem since the string
comparison will not match as the last byte may be not the
nul-termination.

Fix this by skipping the comparison of the nul-termination if the
attribute data is nul-terminated. Suggested by Thomas Graf.

Cc: Florian Westphal <fw@strlen.de>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-04-14 06:42:18 -07:00
..
lzo
mpi lib/mpi/mpicoder.c: looping issue, need stop when equal to zero, found by 'EXTRA_FLAGS=-W'. 2013-06-12 16:29:44 -07:00
raid6
reed_solomon
xz
zlib_deflate
zlib_inflate
.gitignore
argv_split.c argv_split(): teach it to handle mutable strings 2013-04-29 18:28:19 -07:00
asn1_decoder.c
atomic64_test.c
atomic64.c
audit.c
average.c
bcd.c
bch.c
bitmap.c
bitrev.c
bsearch.c
btree.c
bug.c
build_OID_registry
bust_spinlocks.c
check_signature.c
checksum.c
clz_tab.c
cmdline.c
cordic.c
cpu_rmap.c
cpu-notifier-error-inject.c
cpumask.c
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
crc7.c
crc8.c
crc16.c
crc32.c
crc32defs.h
ctype.c
debug_locks.c
debugobjects.c
dec_and_lock.c
decompress_bunzip2.c
decompress_inflate.c lib/decompressors: fix "no limit" output buffer length 2014-02-06 11:08:12 -08:00
decompress_unlzma.c
decompress_unlzo.c
decompress_unxz.c
decompress.c lib/decompress.c: fix initconst 2013-04-30 17:04:09 -07:00
devres.c
digsig.c
div64.c Revert "math64: New div64_u64_rem helper" 2013-04-30 19:13:05 +02:00
dma-debug.c
dump_stack.c dump_stack: consolidate dump_stack() implementations and unify their behaviors 2013-04-30 17:04:02 -07:00
dynamic_debug.c dynamic_debug: reuse generic string_unescape function 2013-04-30 17:04:03 -07:00
dynamic_queue_limits.c
earlycpio.c
extable.c
fault-inject.c lib/: rename random32() to prandom_u32() 2013-04-29 18:28:42 -07:00
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
fdt.c
find_last_bit.c
find_next_bit.c
flex_array.c
flex_proportions.c
gcd.c
gen_crc32table.c
genalloc.c lib/genalloc.c: fix overflow of ending address of memory chunk 2013-12-11 22:36:28 -08:00
halfmd4.c
hexdump.c
hweight.c
idr.c idr: introduce idr_alloc_cyclic() 2013-04-29 18:28:41 -07:00
inflate.c
int_sqrt.c
interval_tree_test_main.c
interval_tree.c
iomap_copy.c
iomap.c
iommu-helper.c
ioremap.c
iovec.c Hoist memcpy_fromiovec/memcpy_toiovec into lib/ 2013-05-20 10:24:22 +09:30
irq_regs.c
is_single_threaded.c
jedec_ddr_data.c
kasprintf.c
Kconfig
Kconfig.debug lib/Kconfig.debug: Restrict FRAME_POINTER for MIPS 2013-07-28 16:30:12 -07:00
Kconfig.kgdb
Kconfig.kmemcheck
kfifo.c
klist.c klist: del waiter from klist_remove_waiters before wakeup waitting process 2013-05-21 10:16:39 -07:00
kobject_uevent.c
kobject.c kref: minor cleanup 2013-05-07 16:09:00 -07:00
kstrtox.c
kstrtox.h
lcm.c
libcrc32c.c
list_debug.c
list_sort.c lib/: rename random32() to prandom_u32() 2013-04-29 18:28:42 -07:00
llist.c
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c
lru_cache.c
Makefile x86, hweight: Fix BUG when booting with CONFIG_GCOV_PROFILE_ALL=y 2014-02-20 11:06:11 -08:00
md5.c
memory-notifier-error-inject.c
memweight.c
nlattr.c netlink: don't compare the nul-termination in nla_strcmp 2014-04-14 06:42:18 -07:00
notifier-error-inject.c
notifier-error-inject.h
of-reconfig-notifier-error-inject.c
oid_registry.c Give the OID registry file module info to avoid kernel tainting 2013-05-05 14:38:00 -07:00
parser.c
pci_iomap.c
percpu_counter.c
percpu-rwsem.c
plist.c
pm-notifier-error-inject.c
prio_heap.c
proportions.c
radix-tree.c
random32.c random32: fix off-by-one in seeding requirement 2013-12-08 07:29:24 -08:00
ratelimit.c
rational.c
rbtree_test.c rbtree_test: add __init/__exit annotations 2013-04-30 17:04:07 -07:00
rbtree.c
reciprocal_div.c
rwsem-spinlock.c rwsem: simplify __rwsem_do_wake 2013-05-07 07:20:16 -07:00
rwsem.c rwsem: check counter to avoid cmpxchg calls 2013-05-07 16:11:51 -07:00
scatterlist.c lib/scatterlist.c: don't flush_kernel_dcache_page on slab page 2013-11-13 12:05:33 +09:00
sha1.c
show_mem.c
smp_processor_id.c
sort.c
spinlock_debug.c
stmp_device.c
string_helpers.c lib/string_helpers: introduce generic string_unescape 2013-04-30 17:04:03 -07:00
string.c
strncpy_from_user.c
strnlen_user.c
swiotlb.c
syscall.c
test-kstrtox.c
test-string_helpers.c lib/string_helpers: introduce generic string_unescape 2013-04-30 17:04:03 -07:00
textsearch.c
timerqueue.c
ts_bm.c
ts_fsm.c
ts_kmp.c
ucs2_string.c
usercopy.c Kconfig: consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECKS 2013-04-30 17:04:09 -07:00
uuid.c uuid: use prandom_bytes() 2013-04-29 18:28:42 -07:00
vsprintf.c vsprintf: check real user/group id for %pK 2013-12-04 10:56:06 -08:00