Re: SECURITY - data leakage due to incorrect strncpy implementation

Alan Cox (alan@lxorguk.ukuu.org.uk)
11 Jul 2003 23:10:24 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Herbert Pötzl: "2.4.22 devfs/zlib outstanding updates ..."
Previous message: Jeff Garzik: "Re: Linux 2.4.22-pre5"
In reply to: Alan Cox: "SECURITY - data leakage due to incorrect strncpy implementation"
Next in thread: Linus Torvalds: "Re: SECURITY - data leakage due to incorrect strncpy implementation"

Ok an update:

2.4 you have a problem if your port uses the lib/string.c
implementation. x86 does not and is ok (very nifty implementation of the
zeroing too)

That appears to be:

Not vulnerable: x86
Buggy generic: ARM, CRIS, IA-64, PA-RISC, S/390, SH64, SPARC, SPARC64,
X86-64
Buggy asm: m68k, mips (?), sh,
Unknown: alpha, ppc

2.5 you have problems all over the place from wrong strlcpy conversions,
but those are easy enough to clean up before 2.6.0
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Herbert Pötzl: "2.4.22 devfs/zlib outstanding updates ..."
Previous message: Jeff Garzik: "Re: Linux 2.4.22-pre5"
In reply to: Alan Cox: "SECURITY - data leakage due to incorrect strncpy implementation"
Next in thread: Linus Torvalds: "Re: SECURITY - data leakage due to incorrect strncpy implementation"