oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Problems in automatic crash analysis frameworks

From: Marc Deslauriers <marc.deslauriers () canonical com>
Date: Tue, 14 Apr 2015 22:33:38 -0400
On 2015-04-14 08:29 PM, Michael Samuel wrote:

On 15 April 2015 at 07:08, Tavis Ormandy <taviso () google com> wrote:


import socket
socket.socket(socket.AF_UNIX, socket.SOCK_STREAM).bind('test\ntest')
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.bind('/tmp/foo\nbar')
sock.listen(1)


$ grep -A1 foo /proc/net/unix
0000000000000000: 00000002 00000000 00010000 0001 01 4772228 /tmp/foo
bar


This is a Linux kernel flaw/bug right?  It's a machine-readable
newline-delimited
/proc file, so it needs to escape newlines if they're valid data.

Regards,
  Michael



That appears to have been previously brought up here:

http://www.spinics.net/lists/netdev/msg320556.html

Marc.
Previous By Date Next
Previous By Thread Next

Current thread: