[vbox-dev] Buffer overflow in VBoxNetFltInternal.h

Valerio Daelli valerio.daelli at gmail.com
Sat Mar 7 13:46:43 GMT 2015


Hi,

  I am working on a patch on the vboxnetflt kernel module on Linux (3.18.0
kernel).
While inspecting the code of vboxnetflt, I found something that looks to
me like a buffer overflow.

VBoxNetFltInternal.h declares the structure VBOXNETFLTINS
and one of its members is:

char szName[1];

This array is too small to contain the network device name, so when there
is a copy in VBoxNetFlt.c:

    memcpy(pNew->szName, pszName, cchName + 1);

this copy does a buffer overflow of the character array pNew->szName.

Basically you are trying to copy a string like 'eno1', or another
interface name, into a buffer of chars with length 1.

Obviously this implies a buffer overflow.

Thanks for your attention,

  Valerio Daelli
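Editor's note: whether that memcpy is out of bounds depends on how pNew was allocated, not on the declared size of szName. A trailing `char szName[1]` member is the classic C89 "struct hack": the allocation is sized as offsetof(struct, szName) + cchName + 1, so the copy stays inside the allocated object, and only a sizeof(struct)-based allocation would overflow. The example below is added here and is not VirtualBox code; NETFLTINS, newInstanceSized, instanceAllocSize and copyWouldOverflow are hypothetical names standing in for the real structure and allocation site.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for VBOXNETFLTINS: a few fixed fields followed by a
 * trailing one-element name array (the C89 "struct hack"). The real struct
 * has many more members; only the layout idea matters here. */
typedef struct NETFLTINS {
    uint32_t cRefs;
    uint32_t fActive;
    char     szName[1];   /* holds cchName + 1 bytes when sized at allocation */
} NETFLTINS;

/* Bytes needed for an instance whose name is cchName characters long:
 * everything before szName, plus the name, plus its NUL terminator. */
static size_t instanceAllocSize(size_t cchName)
{
    return offsetof(NETFLTINS, szName) + cchName + 1;
}

/* Bytes actually available for szName in an object of cbAlloc bytes. */
static size_t nameCapacity(size_t cbAlloc)
{
    size_t off = offsetof(NETFLTINS, szName);
    return cbAlloc > off ? cbAlloc - off : 0;
}

/* The check to apply to the allocation site: returns 1 if copying cchName + 1
 * bytes into szName of a cbAlloc-byte object would run past its end. */
static int copyWouldOverflow(size_t cbAlloc, size_t cchName)
{
    return cchName + 1 > nameCapacity(cbAlloc);
}

/* Correctly sized allocation: the memcpy that follows is in bounds because
 * cbAlloc was computed from the name length, not from sizeof(NETFLTINS). */
static NETFLTINS *newInstanceSized(const char *pszName)
{
    size_t cchName = strlen(pszName);
    size_t cbAlloc = instanceAllocSize(cchName);
    NETFLTINS *pNew = calloc(1, cbAlloc);
    if (!pNew)
        return NULL;
    pNew->cRefs = 1;
    memcpy(pNew->szName, pszName, cchName + 1);   /* cchName + 1 <= nameCapacity(cbAlloc) */
    return pNew;
}

int main(void)
{
    const char *pszName = "enp0s31f6";            /* constructed sample interface name */
    size_t cchName = strlen(pszName);

    /* sizeof-based allocation: the declared 1-byte array (plus padding) is too small. */
    printf("sizeof-based alloc (%zu bytes) overflows: %d\n",
           sizeof(NETFLTINS), copyWouldOverflow(sizeof(NETFLTINS), cchName));

    /* offsetof-based allocation: exactly enough room, no overflow. */
    NETFLTINS *pNew = newInstanceSized(pszName);
    if (!pNew)
        return 1;
    printf("offsetof-based alloc (%zu bytes) overflows: %d, name=%s\n",
           instanceAllocSize(cchName), copyWouldOverflow(instanceAllocSize(cchName), cchName),
           pNew->szName);
    free(pNew);
    return 0;
}
```

The thing to read at the allocation site is therefore the size expression passed to the allocator: an offsetof/RT_OFFSETOF-style computation that includes the name length makes the copy safe, while a plain sizeof would not. C99 offers `char szName[]` (a flexible array member) as the standard-sanctioned form of the same layout, which also lets sizeof-based mistakes be caught more easily by static analysers.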