Fix links

david-a-wheeler · david-a-wheeler · commit 194b2319887f · 2022-11-02T01:47:24.000-04:00
Signed-off-by: David A. Wheeler &lt;dwheeler@dwheeler.com&gt;
diff --git a/.github/linters/.markdown-lint.yml b/.github/linters/.markdown-lint.yml
@@ -11,6 +11,4 @@ MD012: false # MD012/no-multiple-blank
 MD024: false # MD024/no-duplicate-heading/no-duplicate-header
 MD001: false # MD001/heading-increment/header-increment
 # Fix these when you can:
-MD042: false # MD042/no-empty-links
 MD051: false # MD051/link-fragments Link fragments should be valid
-
diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md
@@ -2276,7 +2276,7 @@ One of the simplest ways to ensure an attacker cannot trigger vulnerabilities fr
 
 > 😱 STORY TIME: NetUSB CVE-2021-45608
 
-> An example of an integer overflow leading to a vulnerability is [CVE-2021-45608](), as explained in “[CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers](https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/)” by Sentinel Labs.  The KCodes NetUSB kernel module, used by a large number of network device vendors, had an integer overflow vulnerability. The module took an untrusted client-provided length, added 0x11, and allocated that amount of memory. If the requested length was large (e.g., all 1s in binary), the addition would wrap around, causing a too-small allocation. After that, data would be dumped into the too-small buffer, leading to a buffer overflow.
+> An example of an integer overflow leading to a vulnerability is [CVE-2021-45608](https://nvd.nist.gov/vuln/detail/CVE-2021-45608), as explained in “[CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers](https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/)” by Sentinel Labs.  The KCodes NetUSB kernel module, used by a large number of network device vendors, had an integer overflow vulnerability. The module took an untrusted client-provided length, added 0x11, and allocated that amount of memory. If the requested length was large (e.g., all 1s in binary), the addition would wrap around, causing a too-small allocation. After that, data would be dumped into the too-small buffer, leading to a buffer overflow.
 >
 > This shows that it’s important to check for wraparound when using attacker-controlled data, especially if you use it to make size or out-of-range decisions. Other rules can be learned as well. First, always validate data from an untrusted source (e.g., data from the Internet) - there was no reason to allow any allocation request this big. Second, this module listened to requests from the wide-area network (WAN) instead of just the local area network (LAN); software should minimize privilege to only what's needed to reduce the likelihood or impact of damage if there is a vulnerability.
 

Original file line number	Diff line number	Diff line change
`@@ -2276,7 +2276,7 @@ One of the simplest ways to ensure an attacker cannot trigger vulnerabilities fr`
`2276`	`2276`
`2277`	`2277`	`> 😱 STORY TIME: NetUSB CVE-2021-45608`
`2278`	`2278`
`2279`		-> An example of an integer overflow leading to a vulnerability is [CVE-2021-45608](), as explained in “[CVE-2021-45608 \| NetUSB RCE Flaw in Millions of End User Routers](https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/)” by Sentinel Labs. The KCodes NetUSB kernel module, used by a large number of network device vendors, had an integer overflow vulnerability. The module took an untrusted client-provided length, added 0x11, and allocated that amount of memory. If the requested length was large (e.g., all 1s in binary), the addition would wrap around, causing a too-small allocation. After that, data would be dumped into the too-small buffer, leading to a buffer overflow.
	`2279`	+> An example of an integer overflow leading to a vulnerability is [CVE-2021-45608](https://nvd.nist.gov/vuln/detail/CVE-2021-45608), as explained in “[CVE-2021-45608 \| NetUSB RCE Flaw in Millions of End User Routers](https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/)” by Sentinel Labs. The KCodes NetUSB kernel module, used by a large number of network device vendors, had an integer overflow vulnerability. The module took an untrusted client-provided length, added 0x11, and allocated that amount of memory. If the requested length was large (e.g., all 1s in binary), the addition would wrap around, causing a too-small allocation. After that, data would be dumped into the too-small buffer, leading to a buffer overflow.
`2280`	`2280`	`>`
`2281`	`2281`	> This shows that it’s important to check for wraparound when using attacker-controlled data, especially if you use it to make size or out-of-range decisions. Other rules can be learned as well. First, always validate data from an untrusted source (e.g., data from the Internet) - there was no reason to allow any allocation request this big. Second, this module listened to requests from the wide-area network (WAN) instead of just the local area network (LAN); software should minimize privilege to only what's needed to reduce the likelihood or impact of damage if there is a vulnerability.
`2282`	`2282`