[LTP] [PATCH] syscalls/msgstress01: Fix off by one in array access

Cyril Hrubis chrubis@suse.cz
Fri May 24 13:59:35 CEST 2024


Hi!
> Then you should validate the received length against the send buffer. 
> Without any validation of the received length, there's a possibility of 
> buffer overflow.

That is actually being done; we compare the received length against the
original buffer in:

	...

	if (msg_recv.data.len != buff->msg.data.len) {
		tst_res(TFAIL, "Received the wrong message data length");

	...


The buff->msg.data.len is the original buffer passed to msgsnd(), so
we make sure that the length fits the buffer.

We also clear the buffer before each call, so a partial message would fail
the test because the comparison of bytes would fail, which is not ideal,
but again I do not want to further change the test, because there is
much more to fix...

-- 
Cyril Hrubis
chrubis@suse.cz
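To make the check being discussed concrete, here is an added C example; it is not msgstress01's code and not from the LTP tree. The struct test_msg layout, MSG_PAYLOAD_MAX, check_received(), fill_msg(), simulate_partial() and simulate_bad_len() are all hypothetical names chosen for this illustration. check_received() bounds-checks the received length against the data buffer before it is used for anything, then compares it with the sender's length, and only then compares the payload bytes; the two simulate_* helpers model the failure modes mentioned above (a length field that does not match what was sent, and a partial delivery into a buffer that was zeroed before the receive). main() does one real round trip through a private System V queue so the check can be seen against msgsnd()/msgrcv() output.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/msg.h>

/* Hypothetical layout in the spirit of msgstress01 (not the test's own
 * struct): a type, an explicit payload length and a fixed-size buffer. */
#define MSG_PAYLOAD_MAX 64

struct test_msg {
	long mtype;
	struct {
		uint32_t len;		/* valid bytes in data[] */
		char data[MSG_PAYLOAD_MAX];
	} payload;
};

enum check_result {
	CHECK_OK = 0,
	CHECK_LEN_OOB,		/* claimed length would index past data[] */
	CHECK_LEN_MISMATCH,	/* length differs from what was sent */
	CHECK_DATA_MISMATCH,	/* bytes differ (e.g. partial delivery) */
};

/* Bounds-check the received length against the buffer first, then compare
 * it with the sender's length, and only then compare the bytes. */
enum check_result check_received(const struct test_msg *sent,
				 const struct test_msg *rcvd)
{
	if (rcvd->payload.len > MSG_PAYLOAD_MAX)
		return CHECK_LEN_OOB;
	if (rcvd->payload.len != sent->payload.len)
		return CHECK_LEN_MISMATCH;
	if (memcmp(rcvd->payload.data, sent->payload.data,
		   sent->payload.len) != 0)
		return CHECK_DATA_MISMATCH;
	return CHECK_OK;
}

/* Fill a message with len bytes of a non-zero repeating pattern. */
void fill_msg(struct test_msg *m, long type, uint32_t len)
{
	memset(m, 0, sizeof(*m));
	m->mtype = type;
	m->payload.len = len;
	for (uint32_t i = 0; i < len; i++)
		m->payload.data[i] = (char)('A' + i % 26);
}

/* Model a partial delivery: the receive buffer is zeroed first and only
 * the first `delivered` bytes land in it, so the header is intact but the
 * tail of data[] stays zero and the byte comparison fails. */
enum check_result simulate_partial(uint32_t len, size_t delivered)
{
	struct test_msg sent, rcvd;

	fill_msg(&sent, 1, len);
	memset(&rcvd, 0, sizeof(rcvd));		/* cleared before the receive */
	if (delivered > sizeof(sent))
		delivered = sizeof(sent);
	memcpy(&rcvd, &sent, delivered);
	return check_received(&sent, &rcvd);
}

/* Model a message whose length field was corrupted or forged in transit. */
enum check_result simulate_bad_len(uint32_t sent_len, uint32_t claimed_len)
{
	struct test_msg sent, rcvd;

	fill_msg(&sent, 1, sent_len);
	rcvd = sent;
	rcvd.payload.len = claimed_len;
	return check_received(&sent, &rcvd);
}

/* One real round trip through a private System V queue, then the check. */
int main(void)
{
	struct test_msg sent, rcvd;
	int qid = msgget(IPC_PRIVATE, IPC_CREAT | 0600);
	ssize_t n = -1;

	if (qid < 0) {
		perror("msgget");
		return 1;
	}
	fill_msg(&sent, 1, 32);
	memset(&rcvd, 0, sizeof(rcvd));
	if (msgsnd(qid, &sent, sizeof(sent.payload), 0) == 0)
		n = msgrcv(qid, &rcvd, sizeof(rcvd.payload), 0, 0);
	msgctl(qid, IPC_RMID, NULL);
	if (n < 0) {
		perror("msgsnd/msgrcv");
		return 1;
	}
	/* msgrcv() returns the number of bytes the kernel actually copied. */
	printf("copied %zd of %zu bytes, check=%d\n",
	       n, sizeof(rcvd.payload), check_received(&sent, &rcvd));
	printf("partial delivery: check=%d\n",
	       simulate_partial(32, offsetof(struct test_msg, payload.data) + 16));
	return 0;
}
```

The order of the three tests in check_received() is what matters for the overflow concern raised in the quoted reply: the length field is rejected if it exceeds the buffer before it is ever used as a count for memcmp() or as an index. msgrcv() also returns the byte count it actually copied, so a real test can compare that return value against the payload size as an extra, independent check on a short message before the byte-by-byte comparison runs.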

