On Fri, 2005-08-05 at 12:56 +0200, Roman Zippel wrote:
> Hi,
>
> On Fri, 5 Aug 2005, Arjan van de Ven wrote:
>
> > > > we've had a non-negliable amount of security holes because of this
> > >
> > > So why don't we have a similiar kmalloc()?
> >
> > nope kmalloc is not an array allocator
> >
> > > > it makes it easy and safe. Of course you can and should check it in all
> > > > users. Just that using a safer API is generally better than forcing
> > > > everyone to do it themselves.
> > >
> > > How exactly does this make it a "safe API"? Even if it checks for this one
> > > case, it still makes the user suspectible for allocating big amounts of
> > > unswappable memory.
> >
> > 128Kb max.
>
> You completely missed the point and didn't answer my questions at all... :-(
I found it hard to understand your question.
Maybe it helps if I give the basic bug scenario first (pseudo C)
void some_ioctl_func(...)
{
int count, i;
struct foo *ptr;
copy_from_user(&count,...);
ptr = kmalloc(sizeof(struct foo) * count);
if (!ptr)
return -ENOMEM;
for (i=0; i<count; i++) {
initialize(ptr+i);
}
}
if the user picks count such that the multiplication overflows, the
kmalloc will actually *succeed* in getting a chunk between 0 and 128Kb.
The subsequent "fill the array up" will overwrite a LOT of kernel memory
though.
Fixing the hole of course involves checking "count" for too high a
value. Using kcalloc() will check for this same overflow inside kcalloc
and prevent it (eg return NULL) if one of these slips through.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |