Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 28 Feb 2003 13:05:10 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 28 Feb 2003 13:05:10 -0500 Received: from inti.inf.utfsm.cl ([200.1.21.155]:22416 "EHLO inti.inf.utfsm.cl") by vger.kernel.org with ESMTP id ; Fri, 28 Feb 2003 13:05:06 -0500 Message-Id: <200302281814.h1SIEB42005202@eeyore.valparaiso.cl> To: Kevin Corry cc: Joe Perches , "LKML" , Linus Torvalds , Joe Thornber Subject: Re: [PATCH 3/8] dm: prevent possible buffer overflow in ioctl interface In-Reply-To: Your message of "Fri, 28 Feb 2003 08:59:25 MDT." <03022808592509.05199@boiler> Date: Fri, 28 Feb 2003 15:14:11 -0300 From: Horst von Brand Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1527 Lines: 38 Kevin Corry said: > On Friday 28 February 2003 08:32, you wrote: > > On Thu, 2003-02-27 at 14:05, Kevin Corry wrote: > > > Unfortunately, Linus seems to have committed that patch already. So here > > > is a patch to fix just that line. > > > > > > Thanks for catching that. > > > > Third time, strlen isn't necessary, it can be done at compile time. > > > > --- a/drivers/md/dm-ioctl.c 2003/02/27 16:29:58 > > +++ b/drivers/md/dm-ioctl.c 2003/02/27 17:21:54 > > @@ -174,7 +174,7 @@ > > static int register_with_devfs(struct hash_cell *hc) > > { > > struct gendisk *disk = dm_disk(hc->md); > > - char *name = kmalloc(DM_NAME_LEN + strlen(DM_DIR) + 1); > > + char *name = kmalloc(DM_NAME_LEN + sizeof(DM_DIR)); > > if (!name) { > > return -ENOMEM; > > } > > Sorry, I sent the last patch before I got your email. > > Also, the "+1" is still necessary, even if we switch to sizeof. The sprintf > call that follows copies DM_DIR, followed by a slash, followed by the name > from the hash table into the allocated string. The "+1" is for the slash in > the middle. The terminating NULL character is accounted for in > DM_NAME_LEN. Then it was broken before. sizeof("1234") == strlen("1234") + 1 == 5 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/