Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: WANG Cong

Subject: Re: [PATCH] time: fix sysfs_show_{available,current}_clocksources() buffer overflow problem

Date: Thursday, November 8, 2007 - 5:11 am

On Thu, Nov 08, 2007 at 07:47:41PM +0800, WANG Cong wrote:
quoted text>On Thu, Nov 08, 2007 at 06:53:40PM +0800, Miao Xie wrote:
>>Hi,every one.
>>  I found that there is a buffer overflow problem in the following code.
>>
>>Version:	2.6.24-rc2,
>>File:		kernel/time/clocksource.c:417-432
>>--------------------------------------------------------------------
>>static ssize_t
>>sysfs_show_available_clocksources(struct sys_device *dev, char *buf)
>>{
>>	struct clocksource *src;
>>	char *curr = buf;
>>
>>	spin_lock_irq(&clocksource_lock);
>>	list_for_each_entry(src, &clocksource_list, list) {
>>		curr += sprintf(curr, "%s ", src->name);
>>	}
>>	spin_unlock_irq(&clocksource_lock);
>>
>>	curr += sprintf(curr, "\n");
>>
>>	return curr - buf;
>>}
>>-----------------------------------------------------------------------
>>
>>sysfs_show_current_clocksources() also has the same problem though in 
>>practice
>>the size of current clocksource's name won't exceed PAGE_SIZE.
>>
>>I fix the bug by using snprintf according to the specification of the kernel
>>(Version:2.6.24-rc2,File:Documentation/filesystems/sysfs.txt)
>>
>>Fix sysfs_show_available_clocksources() and 
>>sysfs_show_current_clocksources()
>>buffer overflow problem with snprintf().
>>
>>Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
>>
>>---
>> kernel/time/clocksource.c |   19 ++++++++++---------
>> 1 files changed, 10 insertions(+), 9 deletions(-)
>>
>>diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
>>index c8a9d13..5d5926f 100644
>>--- a/kernel/time/clocksource.c
>>+++ b/kernel/time/clocksource.c
>>@@ -342,15 +342,13 @@ void clocksource_change_rating(struct clocksource 
>>*cs, int rating)
>> static ssize_t
>> sysfs_show_current_clocksources(struct sys_device *dev, char *buf)
>> {
>>-	char *curr = buf;
>>+	ssize_t count = 0;
>>
>> 	spin_lock_irq(&clocksource_lock);
>>-	curr += sprintf(curr, "%s ", curr_clocksource->name);
>>+	count = snprintf(buf, PAGE_SIZE, "%s\n", curr_clocksource->name);
>
>Yes, snprintf is safer than sprintf. But here, the 'count' will be
>mis-pointed when snprintf returns no less than PAGE_SIZE (what you called
>overflow). So you may also need:
>
>	if (unlikely(count >= PAGE_SIZE))
>		count = PAGE_SIZE - 1;
>
>Just a simple guess. ;)

Or try scnprintf. ;)


-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] time: fix sysfs_show_{available,current}_clocksour ..., Miao Xie, (Thu Nov 8, 3:53 am)

Re: [PATCH] time: fix sysfs_show_{available,current}_clock ..., WANG Cong, (Thu Nov 8, 4:47 am)

Re: [PATCH] time: fix sysfs_show_{available,current}_clock ..., WANG Cong, (Thu Nov 8, 5:11 am)

Re: [PATCH] time: fix sysfs_show_{available,current}_clock ..., Miao Xie, (Sat Nov 10, 8:29 pm)

Re: [PATCH] time: fix sysfs_show_{available,current}_clock ..., WANG Cong, (Sat Nov 10, 9:09 pm)

Navigation

Popular discussions


linux-kernel:
Ingo Molnar	Re: [PATCH 0/3] v2 Make hierarchical RCU less IPI-happy and add more tracing
Jeremy Fitzhardinge	Re: Linux 2.6.28.10 and Linux 2.6.29.6 XEN Guest Support Broken x86_64 in BUILD
Nick Piggin	Re: [patch] CFS (Completely Fair Scheduler), v2
Gary Hade	Re: [PATCH 0/5][RFC] Physical PCI slot objects
Dave Johnson	Re: expected behavior of PF_PACKET on NETIF_F_HW_VLAN_RX device?
linux-netdev:
Arnd Bergmann	Re: 64-bit net_device_stats
Stephens, Allan	RE: [PATCH]: tipc: Fix oops on send prior to entering networked mode
frank.blaschka	[patch 3/5] [PATCH] qeth: support z/VM VSWITCH Port Isolation
Wu Fengguang	Re: [PATCH] dm9601: handle corrupt mac address
David Miller	Re: [PATCH net-2.6.24] Fix refcounting problem with netif_rx_reschedule()
git:
Junio C Hamano	Re: [PATCH] [RFC] add Message-ID field to log on git-am operation
Junio C Hamano	Re: Handling large files with GIT
Karl	Re: [ANNOUNCE] pg - A patch porcelain for GIT
Josh Triplett	Re: [RFC][PATCH 00/10] Sparse: Git's "make check" target
Pierre Habouzit	Re: [PATCH] git-daemon: more powerful base-path/user-path settings, using formats.
git-commits-head:
Linux Kernel Mailing List	MIPS: RBTX4939: Fix IOC pin-enable register updating
Linux Kernel Mailing List	regulator: update email address for Liam Girdwood
Linux Kernel Mailing List	[SCSI] ipr: add message to error table
Linux Kernel Mailing List	powerpc/32: Wire up the trampoline code for kdump
Linux Kernel Mailing List	USB: omap_udc: sync with OMAP tree
openbsd-misc:
Josh Grosse	Re: error : pkg add phpMyAdmin
Brian Candler	Re: OBSD's perspective on SELinux
Jacob Meuser	Re: /dev/audio: Device busy
David Vasek	Re: Inexpensive, low power, "wall wart" computer
William Boshuck	Re: Richard Stallman...

Colocation donated by:

Syndicate