Hi Jose,

On Thu, May 28, 2015 at 09:12:15PM +0000, Guzman Mosqueda, Jose R wrote:
>
> Hi all
>
> I'm Jose Guzman from a security team at Intel.
> We're using iproute2 in a GNU-Linux project and I'm analyzing the code
> to try to find possible issues/gaps/risks.
> Since I'm not too familiar with the package yet I have a question about
> a particular piece of code that could result in a memory corruption:
>
> Version: 4.0.0
> File: misc/ss.c
> Function: static void tcp_show_info(...)
> Line: ~1903
> Description: There is a memory allocation for a "s.cong_alg" variable:
> s.cong_alg = malloc(strlen(cong_attr + 1));
> The length is calculated about next position of the starting character.
> But next line there is a copy of the whole content:
> strcpy(s.cong_alg, cong_attr);
> I think there is a mistake and it should be something like:
> s.cong_alg = malloc(strlen(cong_attr) + 1);

I think strdup can be used here. I will send a patch.
Thank You!
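The sizing error discussed in this thread, as an added example that is not part of the original messages or of iproute2: it compares what the reported expression requests with what strcpy() writes, without performing the overflowing copy. Function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes requested by the reported expression malloc(strlen(cong_attr + 1)).
 * cong_attr + 1 skips the first character, so the result is length - 1.
 * For "" the pointer is already past the NUL and strlen() would read out
 * of bounds, so that case is returned as 0 here instead of evaluated. */
static size_t reported_alloc_size(const char *cong_attr)
{
    return cong_attr[0] ? strlen(cong_attr + 1) : 0;
}

/* Bytes strcpy(s.cong_alg, cong_attr) writes: every character plus NUL. */
static size_t bytes_written(const char *cong_attr)
{
    return strlen(cong_attr) + 1;
}

/* How far the copy runs past the end of the undersized buffer. */
static size_t shortfall(const char *cong_attr)
{
    return bytes_written(cong_attr) - reported_alloc_size(cong_attr);
}

/* Corrected sizing from the thread: malloc(strlen(cong_attr) + 1).
 * strdup(), proposed in the reply, does this allocation and copy in one call. */
static char *copy_cong_alg(const char *cong_attr)
{
    char *s = malloc(strlen(cong_attr) + 1);
    if (s)
        strcpy(s, cong_attr);
    return s;   /* caller frees; NULL on allocation failure */
}

int main(void)
{
    /* Constructed sample algorithm names, not taken from the thread. */
    const char *samples[] = { "cubic", "reno", "bbr", "" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *copy = copy_cong_alg(samples[i]);
        printf("%-6s reported=%zu written=%zu short by %zu, fixed copy=\"%s\"\n",
               samples[i], reported_alloc_size(samples[i]),
               bytes_written(samples[i]), shortfall(samples[i]),
               copy ? copy : "(alloc failed)");
        free(copy);
    }
    return 0;
}
```

For every non-empty name the reported allocation is two bytes short of what the copy writes, so the overrun does not depend on the length of the string.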