Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261405AbUJHSe5 (ORCPT ); Fri, 8 Oct 2004 14:34:57 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264639AbUJHSe3 (ORCPT ); Fri, 8 Oct 2004 14:34:29 -0400 Received: from chaos.analogic.com ([204.178.40.224]:4992 "EHLO chaos.analogic.com") by vger.kernel.org with ESMTP id S261232AbUJHScI (ORCPT ); Fri, 8 Oct 2004 14:32:08 -0400 Date: Fri, 8 Oct 2004 14:31:27 -0400 (EDT) From: "Richard B. Johnson" Reply-To: root@chaos.analogic.com To: Greg KH cc: Stephen Hemminger , linus@osdl.org, akpm@osdl.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] protect against buggy drivers In-Reply-To: <20041008175058.GA2232@kroah.com> Message-ID: References: <1097254421.16787.27.camel@localhost.localdomain> <20041008171414.GA28001@kroah.com> <20041008175058.GA2232@kroah.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2180 Lines: 63 On Fri, 8 Oct 2004, Greg KH wrote: > On Fri, Oct 08, 2004 at 01:29:40PM -0400, Richard B. Johnson wrote: >> On Fri, 8 Oct 2004, Greg KH wrote: >> >>> On Fri, Oct 08, 2004 at 09:53:41AM -0700, Stephen Hemminger wrote: >>>> + strlen(name) >= KOBJ_NAME_LEN || >>> >>> There's no need for this check, if we fix the other usage of >>> cdev->kobj.name in this file to use the proper kobject_name() and >>> kobject_set_name() functions. >> >> Well the module name is passed in register/unregister_chrdev(). It >> was not documented as the allowed length of the name so it was >> possible to install a device and then only "partially" uninstall >> the device so a subsequent open of the device-file would crash >> the kernel. A device name of : >> >> "Octrangle Contrabulator" 23 characters >> >> ... in a test program was sufficiently-long to kill the kernel. >> I recommend truncating any name to an acceptable length. This >> would show up in /proc/iomem, etc., prompting the developer >> to shorten the name. >> >> Also, the new length of 20 characters is probably too short. >> There was no such limitation on 2.4.x, where many modules >> are being ported from. > > That's why I said this check should not go in, and the cdev code fixed > to use the proper functions. That would enable you to have as long as a > name as you wanted to. > > thanks, > > greg k-h > In the meantime, can we do something like: --- linux-2.6.8/fs/char_dev.c.orig 2004-10-08 14:24:03.838389344 -0400 +++ linux-2.6.8/fs/char_dev.c 2004-10-08 14:26:51.059967800 -0400 @@ -206,7 +206,7 @@ cdev->owner = fops->owner; cdev->ops = fops; - strcpy(cdev->kobj.name, name); + strncpy(cdev->kobj.name, name, KOBJ_NAME_LEN-1); for (s = strchr(cdev->kobj.name, '/'); s; s = strchr(s, '/')) *s = '!'; Cheers, Dick Johnson Penguin : Linux version 2.6.8 on an i686 machine (5537.79 BogoMips). Note 96.31% of all statistics are fiction. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/