2003-08-19 17:01:39

by Guillaume Morin

[permalink] [raw]
Subject: [PATCH] fix cu3088 group write

Hi Linus,

The current cu3088 ccwgroup write code overwrite the last char of the
given arguments. This patch fixes the problem :

--- linux-2.6.0-test3-bk6.orig/drivers/s390/net/cu3088.c 2003-08-19 16:19:32.000000000 +0000
+++ linux-2.6.0-test3-bk6/drivers/s390/net/cu3088.c 2003-08-19 16:22:46.000000000 +0000
@@ -64,7 +64,7 @@
group_write(struct device_driver *drv, const char *buf, size_t count)
{
const char *start, *end;
- char bus_ids[2][BUS_ID_SIZE], *argv[2];
+ char bus_ids[2][BUS_ID_SIZE+1], *argv[2];
int i;
int ret;
struct ccwgroup_driver *cdrv;
@@ -79,7 +79,7 @@

if (!(end = strchr(start, delim[i])))
return count;
- len = min_t(ptrdiff_t, BUS_ID_SIZE, end - start);
+ len = min_t(ptrdiff_t, BUS_ID_SIZE, end - start)+1;
strlcpy (bus_ids[i], start, len);
argv[i] = bus_ids[i];
start = end + 1;


memcpy is not an option since the string will be used with strncmp with
a length > BUS_ID_SIZE.

Please apply.

--
Guillaume Morin <[email protected]>

Build a man a fire, and he'll be warm for a day. Set a man on fire,
and he'll be warm for the rest of his life. (Terry Pratchett)


2003-08-25 14:00:53

by Guillaume Morin

[permalink] [raw]
Subject: [PATCH resend #1] fix cu3088 group write

Hi Linus, Andrew

The current cu3088 ccwgroup write code overwrite the last char of the
given arguments. This following patch fixes the problem. It is been
tested and applies on latest bk.

--- linux-2.6.0-test3-bk6.orig/drivers/s390/net/cu3088.c 2003-08-19 16:19:32.000000000 +0000
+++ linux-2.6.0-test3-bk6/drivers/s390/net/cu3088.c 2003-08-19 16:22:46.000000000 +0000
@@ -64,7 +64,7 @@
group_write(struct device_driver *drv, const char *buf, size_t count)
{
const char *start, *end;
- char bus_ids[2][BUS_ID_SIZE], *argv[2];
+ char bus_ids[2][BUS_ID_SIZE+1], *argv[2];
int i;
int ret;
struct ccwgroup_driver *cdrv;
@@ -79,7 +79,7 @@

if (!(end = strchr(start, delim[i])))
return count;
- len = min_t(ptrdiff_t, BUS_ID_SIZE, end - start);
+ len = min_t(ptrdiff_t, BUS_ID_SIZE, end - start)+1;
strlcpy (bus_ids[i], start, len);
argv[i] = bus_ids[i];
start = end + 1;


memcpy is not an option since the string will be used with strncmp with
a length > BUS_ID_SIZE.

Please apply.

--
Guillaume Morin <[email protected]>

Build a man a fire, and he'll be warm for a day. Set a man on fire,
and he'll be warm for the rest of his life. (Terry Pratchett)

2003-08-26 18:04:37

by Arnd Bergmann

[permalink] [raw]
Subject: Re: [PATCH resend #1] fix cu3088 group write

Guillaume Morin wrote:

> Hi Linus, Andrew
>
> The current cu3088 ccwgroup write code overwrite the last char of the
> given arguments. This following patch fixes the problem. It is been
> tested and applies on latest bk.

Your fix doesn't look right either. The input string should not
be longer than BUS_ID_SIZE, including the trailing zero.
AFAICS, the correct way to solve this is the patch below,
but I did not test it. Thanks for reporting the problem.

Arnd <><

===== drivers/s390/net/cu3088.c 1.5 vs edited =====
--- 1.5/drivers/s390/net/cu3088.c Mon May 26 02:00:00 2003
+++ edited/drivers/s390/net/cu3088.c Mon Aug 25 12:42:39 2003
@@ -79,7 +79,7 @@

if (!(end = strchr(start, delim[i])))
return count;
- len = min_t(ptrdiff_t, BUS_ID_SIZE, end - start);
+ len = min_t(ptrdiff_t, BUS_ID_SIZE, end - start + 1);
strlcpy (bus_ids[i], start, len);
argv[i] = bus_ids[i];
start = end + 1;

2003-08-26 18:20:45

by Guillaume Morin

[permalink] [raw]
Subject: Re: [PATCH resend #1] fix cu3088 group write

Dans un message du 25 ao? ? 12:47, Arnd Bergmann ?crivait :
> Your fix doesn't look right either. The input string should not be
> longer than BUS_ID_SIZE, including the trailing zero. AFAICS, the
> correct way to solve this is the patch below, but I did not test it.

Well, I did not know that BUS_ID_SIZE was including the trailing zero.
The name does not appear to suggest that. BUS_ID_LEN would have been a
better chose for that imho.

I don't know what you call "not right". My fix was the safest bet. It is
right but yours is cleaner.

--
Guillaume Morin <[email protected]>

Marry me girl, be my only fairy to the world (RHCP)

2003-08-26 18:32:28

by Arnd Bergmann

[permalink] [raw]
Subject: Re: [PATCH resend #1] fix cu3088 group write

On Tuesday 26 August 2003 20:21, Guillaume Morin wrote:

> I don't know what you call "not right". My fix was the safest bet. It is
> right but yours is cleaner.

Yes, I only meant that your version wasn't the way I wanted it, not
that it was buggy like my original code.

Arnd <><