net: core: inet[46]_pton strlen len types
inet[46]_pton check the input length against a sane length limit (INET[6]_ADDRSTRLEN), but the strlen value gets truncated due to being stored in an int, so there's a theoretical potential for a >4G string to pass the limit test. Use size_t since that's what strlen actually returns. I've had a hunt for callers that could hit this, but I've not managed to find anything that doesn't get checked with some other limit first; but it's possible that I've missed something in the depth of the storage target paths. Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org> Link: https://lore.kernel.org/r/20221029014604.114024-1-linux@treblig.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Родитель
6f1a298b2e
Коммит
44827016be
|
@ -302,7 +302,7 @@ static int inet4_pton(const char *src, u16 port_num,
|
|||
struct sockaddr_storage *addr)
|
||||
{
|
||||
struct sockaddr_in *addr4 = (struct sockaddr_in *)addr;
|
||||
int srclen = strlen(src);
|
||||
size_t srclen = strlen(src);
|
||||
|
||||
if (srclen > INET_ADDRSTRLEN)
|
||||
return -EINVAL;
|
||||
|
@ -322,7 +322,7 @@ static int inet6_pton(struct net *net, const char *src, u16 port_num,
|
|||
{
|
||||
struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr;
|
||||
const char *scope_delim;
|
||||
int srclen = strlen(src);
|
||||
size_t srclen = strlen(src);
|
||||
|
||||
if (srclen > INET6_ADDRSTRLEN)
|
||||
return -EINVAL;
|
||||
|
|
Загрузка…
Ссылка в новой задаче