Hacker News new | comments | show | ask | jobs | submit login

I would be careful, a critical buffer overflow vulnerability was just found in the Douane kernel module: https://github.com/Douane/douane-dkms/commit/61023b91fbafab8...



Comments like this never fail to make me smile:

    +  // Don't do anything if the process_path length is > PATH_LENGTH
    +  if (strlen(process_path) > PATH_LENGTH)
    +    return;


And it's still wrong, since strncpy() doesn't null terminate: it null pads. That means that if the string is longer than the buffer, it will not be correctly terminated.


They do check the string size before using strncpy though, so it should be fine


The check is off by one. If it's equal in length to the buffer, then the buffer will not be nul terminated.


strcpy() in a kernel module. This is quite horrifying.




Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: