On Sat, 2014-06-07 at 14:42 -0700, David Rientjes wrote:
> On Sat, 7 Jun 2014, Manuel Schölling wrote:
>
> > dns_query() credulously assumes that keys are null-terminated and
> > returns a copy of a memory block that is off by one.
>
> No sign-off? Please read Documentation/SubmittingPatches.

It's just not my day today. Sorry, I forgot about the sign-off.

> > --- > > net/dns_resolver/dns_query.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c > > index e7b6d53..84871a2 100644 > > --- a/net/dns_resolver/dns_query.c > > +++ b/net/dns_resolver/dns_query.c > > @@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, > > size_t namelen, > > len = upayload->datalen; > > > > ret = -ENOMEM; > > - *_result = kmalloc(len + 1, GFP_KERNEL); > > + *_result = kzalloc(len + 1, GFP_KERNEL); > > if (!*_result) > > goto put; > > > > - memcpy(*_result, upayload->data, len + 1); > > + memcpy(*_result, upayload->data, len); > > if (_expiry) > > *_expiry = rkey->expiry; > >
>
> kzalloc() would be unnecessary overhead (zeroing definitely comes with a
> cost) if you're going to copy to the memory immediately afterwards. Just
> leave the kmalloc(), do the memcpy() and explicitly zero terminate it
> _result.

Using kzalloc() was suggested by a developer on IRC (#kernelnewbies), but if you prefer kmalloc, that's ok, too. I'll send you a corrected patch in a second.
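
Review bot: In the allocation line of the dns_query() hunk, switching kmalloc() to kzalloc() zeroes all len + 1 bytes only for memcpy() to overwrite the first len of them immediately; the only byte that has to be cleared is the last one. Keep `*_result = kmalloc(len + 1, GFP_KERNEL);`, keep the corrected `memcpy(*_result, upayload->data, len);`, and add an explicit `(*_result)[len] = '\0';` after the copy, so the terminator is written where the reader sees the copy instead of being implied by the allocator. The memcpy() change is the actual fix: len comes from upayload->datalen, so copying len + 1 bytes read one byte past the recorded payload length and trusted that byte to be a NUL. The changelog should say that explicitly rather than "off by one", and the patch still needs a Signed-off-by line.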