[PATCH] Remove hardcoded static string length
Kenny Ho
y2kenny at gmail.com
Wed May 24 11:01:17 PDT 2023
On Wed, May 24, 2023 at 1:43 PM Andrew Lunn <andrew at lunn.ch> wrote:
>
> The other end of the socket should not blow up, because that would be
> an obvious DOS or buffer overwrite attack vector. So you need to
> decide, do you want to expose such issues and see if anything does
> actually blow up, or do you want to do a bit more work and correctly
> terminate the string when capped?
Right... I guess it's not clear to me that existing implementations
null-terminate correctly when UTS_RELEASE causes the string to exceed
the 65 byte size of rxrpc_version_string. We can of course do better,
but I hesitate to do strncpy because I am not familiar with this code
base enough to tell if this function is part of some hot path where
strncpy matters.
Regards,
Kenny
More information about the linux-afs
mailing list