Re: CVE-2024-49995: tipc: guard against string buffer overrun
From: Greg Kroah-Hartman
Date: Thu Apr 24 2025 - 09:45:09 EST
On Thu, Apr 24, 2025 at 02:15:43PM +0530, Harshit Mogalapalli wrote:
> Hi,
>
>
> On 24/04/25 13:47, Dan Carpenter wrote:
> > On Thu, Apr 24, 2025 at 11:41:01AM +0530, Harshit Mogalapalli wrote:
> ...
> > >
> > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6555a2a9212be6983d2319d65276484f7c5f431a&context=30
> > >
> > >
> > > /* validate component parts of bearer name */
> > > if ((media_len <= 1) || (media_len > TIPC_MAX_MEDIA_NAME) ||
> > > (if_len <= 1) || (if_len > TIPC_MAX_IF_NAME))
> > > return 0;
> > >
> > > /* return bearer name components, if necessary */
> > > if (name_parts) {
> > > - strcpy(name_parts->media_name, media_name);
> > > - strcpy(name_parts->if_name, if_name);
> > > + if (strscpy(name_parts->media_name, media_name,
> > > + TIPC_MAX_MEDIA_NAME) < 0)
> > > + return 0;
> > > + if (strscpy(name_parts->if_name, if_name,
> > > + TIPC_MAX_IF_NAME) < 0)
> > > + return 0;
> > > }
> > > return 1;
> > >
> > >
> > >
> > > both media_len and if_len have validation checks above the if(name_parts)
> > > check. So I think this patch just silences the static checker warnings.
> > >
> > > Simon/Dan , could you please help confirming that ?
> >
> > Correct. The "validate component parts of bearer name" checks are
> > sufficient. This will not affect runtime.
> >
>
> Thanks a lot Dan and Simon for confirming this.
>
> Greg: Should we get this CVE-2024-49995 revoked ?
Yup, now rejected, thanks for the review!
greg k-h