On Wed, 02 Dec 2020 10:27:18 +0100 Martin Schiller wrote:
> On 2020-12-01 16:15, Dan Carpenter wrote:
> > The .x25_addr[] address comes from the user and is not necessarily
> > NUL terminated. This leads to a couple problems. The first problem is
> > that the strlen() in x25_bind() can read beyon
On 2020-12-01 16:15, Dan Carpenter wrote:
The .x25_addr[] address comes from the user and is not necessarily
NUL terminated. This leads to a couple problems. The first problem is
that the strlen() in x25_bind() can read beyond the end of the buffer.
The second problem is more subtle and could
; dannywang(王宇) ;
> kernel-janit...@vger.kernel.org
> Subject: [PATCH net v2] net/x25: prevent a couple of overflows(Internet mail)
>
> The .x25_addr[] address comes from the user and is not necessarily NUL
> terminated. This leads to a couple problems. The first problem is that the
&
The .x25_addr[] address comes from the user and is not necessarily
NUL terminated. This leads to a couple problems. The first problem is
that the strlen() in x25_bind() can read beyond the end of the buffer.
The second problem is more subtle and could result in memory corruption.
The call tree i