Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Thu, 27 Feb 2003 06:53:51 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Thu, 27 Feb 2003 06:53:51 -0500 Received: from inti.inf.utfsm.cl ([200.1.21.155]:38876 "EHLO inti.inf.utfsm.cl") by vger.kernel.org with ESMTP id ; Thu, 27 Feb 2003 06:53:50 -0500 Message-Id: <200302262104.h1QL4aiC001941@eeyore.valparaiso.cl> To: Joe Thornber cc: Linus Torvalds , Linux Mailing List , vonbrand@eeyore.valparaiso.cl Subject: Re: [PATCH 3/8] dm: prevent possible buffer overflow in ioctl interface In-Reply-To: Your message of "Wed, 26 Feb 2003 17:09:27 -0000." <20030226170927.GC8369@fib011235813.fsnet.co.uk> Date: Wed, 26 Feb 2003 18:04:36 -0300 From: Horst von Brand Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1341 Lines: 31 Joe Thornber said: > Use the correct size for "name" in register_with_devfs(). > > During Al Viro's devfs cleanup a few versions ago, this function was > rewritten, and the "name" string added. The 32-byte size is not large > enough to prevent a possible buffer overflow in the sprintf() call, > since the hash cell can have a name up to 128 characters. > > [Kevin Corry] > > --- diff/drivers/md/dm-ioctl.c 2003-02-26 16:09:42.000000000 +0000 > +++ source/drivers/md/dm-ioctl.c 2003-02-26 16:09:52.000000000 +0000 > @@ -173,7 +173,7 @@ > */ > static int register_with_devfs(struct hash_cell *hc) > { > - char name[32]; > + char name[DM_NAME_LEN + strlen(DM_DIR) + 1]; This either makes a large name array or generates a possibly huge array at runtime (bad if your stack is < 8KiB). -- Dr. Horst H. von Brand User #22616 counter.li.org Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/