RE: [patch] isdn: make sure strings are null terminated

[patch] isdn: make sure strings are null terminated · Dan Carpenter <hidden> · 2011-11-23
Re: [patch] isdn: make sure strings are null terminated · Eric Dumazet <hidden> · 2011-11-23
Re: [patch] isdn: make sure strings are null terminated · Dan Carpenter <hidden> · 2011-11-23
[patch v2] isdn: make sure strings are null terminated · Dan Carpenter <hidden> · 2011-11-24
Re: [patch v2] isdn: make sure strings are null terminated · David Miller <davem@davemloft.net> · 2011-11-29
Re: [patch] isdn: make sure strings are null terminated · walter harms <hidden> · 2011-11-23
Re: [patch] isdn: make sure strings are null terminated · Dan Carpenter <hidden> · 2011-11-24
Re: [patch] isdn: make sure strings are null terminated · walter harms <hidden> · 2011-11-24
RE: [patch] isdn: make sure strings are null terminated · David Laight <hidden> · 2011-11-24
Re: [patch] isdn: make sure strings are null terminated · Karsten Keil <hidden> · 2011-11-24

From: David Laight <hidden>
Date: 2011-11-24 12:31:55
Also in: kernel-janitors

quoted
quoted
quoted
+			if (strlen(dioctl.cf_ctrl.msn) >=

sizeof(dioctl.cf_ctrl.msn))

quoted
quoted
quoted
+				return -EINVAL;

...

So far i see you do not get a string, you get a structure. And 
it will hard to validate the element is a useful string.
I think my (sledgehammer) method is ok here because you
make sure that all later calls (strcmp,strcpy) will succeed.
If someone supplies a bad string the later calls will catch 
by failing to identify and return a proper code from there
(at least i hope so).

re,
 wh

Except that the strlen() can run right off the end
of the structure - and might eventually fault.
You need to use something like strnlen().

	David

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help