[LTP] [PATCH] syscalls/msgstress01: Fix off by one in array access
Martin Doucha
mdoucha@suse.cz
Fri May 24 13:43:13 CEST 2024
On 24. 05. 24 13:33, Cyril Hrubis wrote:
> Hi!
>> I'd at least add a check that size == data.len + 1.
>
> Which is not true actually because we always send 100 bytes of data
> regardless of the message size, which is probably another oversight.
>
> So let's keep the test as it is for now and I will do more work on it
> after the release.
Then you should validate the received length against the send buffer.
Without any validation of the received length, there's a possibility of
buffer overflow.
--
Martin Doucha mdoucha@suse.cz
SW Quality Engineer
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic
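
The length validation suggested in this reply, as an added example that is not part of the original message and is not LTP code. The struct layout, `PAYLOAD_MAX`, `verify_received()` and `roundtrip()` are hypothetical names chosen for illustration; the only assumption taken from the thread is a one-byte `data.len` followed by the payload.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>

#define PAYLOAD_MAX 100	/* assumed payload capacity */

struct demo_msg {	/* hypothetical layout, not the test's own struct */
	long type;
	struct {
		unsigned char len;	/* length claimed by the sender */
		char pkt[PAYLOAD_MAX];
	} data;
};

/* Returns 0 if the received message matches what was sent, -1 otherwise. */
int verify_received(const struct demo_msg *sent, const struct demo_msg *rcv,
		    ssize_t size)
{
	/* msgrcv() result must fit the buffer before any field is trusted. */
	if (size < 1 || (size_t)size > sizeof(rcv->data))
		return -1;
	/* The embedded length must fit the payload array and match the sender. */
	if (rcv->data.len > PAYLOAD_MAX || rcv->data.len != sent->data.len)
		return -1;
	/* Fewer bytes arrived than data.len claims: do not compare stale bytes. */
	if ((size_t)size < 1 + (size_t)rcv->data.len)
		return -1;
	return memcmp(sent->data.pkt, rcv->data.pkt, rcv->data.len) ? -1 : 0;
}

/* Sends one message of send_size bytes through a private queue and checks it.
 * Returns -2 if no System V queue could be created. */
int roundtrip(unsigned char len, size_t send_size)
{
	struct demo_msg snd = { .type = 1 }, rcv = { 0 };
	int ret = -1, id = msgget(IPC_PRIVATE, IPC_CREAT | 0600);

	if (id < 0)
		return -2;
	snd.data.len = len;
	memset(snd.data.pkt, 'A', PAYLOAD_MAX);	/* constructed sample payload */
	if (msgsnd(id, &snd, send_size, 0) == 0)
		ret = verify_received(&snd, &rcv,
				      msgrcv(id, &rcv, sizeof(rcv.data), 1, 0));
	msgctl(id, IPC_RMID, NULL);
	return ret;
}
```
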