Skip to content

bpo-35050: AF_ALG length check off-by-one error #10058

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Dec 10, 2018
Merged

bpo-35050: AF_ALG length check off-by-one error #10058

merged 3 commits into from
Dec 10, 2018

Conversation

tiran
Copy link
Member

@tiran tiran commented Oct 23, 2018
edited by bedevere-bot
Loading

The length check for AF_ALG salg_name and salg_type had a off-by-one
error. The code assumed that both values are not necessarily NULL
terminated. However the Kernel code for alg_bind() ensures that the last
byte of both strings are NULL terminated.

Signed-off-by: Christian Heimes christian@python.org

https://bugs.python.org/issue35050

@tiran tiran added type-bug An unexpected behavior, bug, or error needs backport to 3.6 labels Oct 23, 2018
@tiran tiran requested a review from vstinner October 23, 2018 13:21
@tiran
bpo-35050: AF_ALG length check off-by-one error
149840e 
The length check for AF_ALG salg_name and salg_type had a off-by-one
error. The code assumed that both values are not necessarily NULL
terminated. However the Kernel code for alg_bind() ensures that the last
byte of both strings are NULL terminated.

Signed-off-by: Christian Heimes <christian@python.org>
@tiran tiran force-pushed the bpo-35050-af_alg_null branch from 2a5e820 to 149840e Compare October 23, 2018 13:22
vstinner
vstinner requested changes Oct 23, 2018
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but

Misc/NEWS.d/next/Core and Builtins/2018-10-23-15-03-53.bpo-35050.49wraS.rst Outdated
@@ -0,0 +1 @@
Fix off-by-one bug in length check for AF_ALG name and type.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please mention the socket module somewhere

@bedevere-bot
Copy link

When you're done making the requested changes, leave the comment: I have made the requested changes; please review again.

@vstinner
Merge branch 'master' into bpo-35050-af_alg_null
700efa4
@vstinner
Minor changes
a739db3 
* reformat a comment
* close the socket in the unit test
vstinner
vstinner reviewed Dec 10, 2018
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tiran: I modified your PR to fix the 3 minor issues that I spotted.

vstinner
vstinner approved these changes Dec 10, 2018
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@vstinner vstinner merged commit 2eb6ad8 into python:master Dec 10, 2018
@miss-islington
Copy link
Contributor

Thanks @tiran for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.6, 3.7.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Sorry, @tiran and @vstinner, I could not cleanly backport this to 3.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 2eb6ad8578fa9d764c21a92acd8e054e3202ad19 3.7

@miss-islington
Copy link
Contributor

Sorry, @tiran and @vstinner, I could not cleanly backport this to 3.6 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 2eb6ad8578fa9d764c21a92acd8e054e3202ad19 3.6

@bedevere-bot
Copy link

GH-11069 is a backport of this pull request to the 3.7 branch.

@bedevere-bot
Copy link

GH-11070 is a backport of this pull request to the 3.6 branch.

vstinner added a commit that referenced this pull request Dec 10, 2018
@vstinner
bpo-35050: AF_ALG length check off-by-one error (GH-10058) (GH-11070)
bad41ce 
The length check for AF_ALG salg_name and salg_type had a off-by-one
error. The code assumed that both values are not necessarily NULL
terminated. However the Kernel code for alg_bind() ensures that the last
byte of both strings are NULL terminated.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2eb6ad8)
vstinner added a commit that referenced this pull request Dec 10, 2018
@vstinner
bpo-35050: AF_ALG length check off-by-one error (GH-10058) (GH-11069)
1a7b62d 
The length check for AF_ALG salg_name and salg_type had a off-by-one
error. The code assumed that both values are not necessarily NULL
terminated. However the Kernel code for alg_bind() ensures that the last
byte of both strings are NULL terminated.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2eb6ad8)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner vstinner approved these changes

Assignees

@vstinner vstinner

Labels
type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tiran @bedevere-bot @miss-islington @vstinner @the-knights-who-say-ni