[RFC][CFLART] ipmi procfs bogosity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



drivers/char/ipmi/ipmi_poweroff.c::proc_write_chassctrl()
	a) does sscanf on userland pointer
	b) does sscanf on array that is not guaranteed to have NUL in it
	c) interprets input in incredibly cretinous way:
if strings doesn't start with a decimal number => as if it was "0".
if it starts with decimal number equal to 0 (e.g. is "-0000splat") - as if
it was "0".
if it starts with decimal number equal to 2 (e.g. is "00002FOAD") - as if
it was "2".
otherwise - -EINVAL.
	In any case that doesn't end up with -EINVAL, pretend that entire
buffer had been written.

(a) and (b) are immediate bugs; (c) is a valid reason for immediate severe
LARTing of the pervert who had done _that_ in a user-visible API.

Note that API _is_ user-visible, so we can't blindly change it - not without
checking WTF do its users actually write to /proc/ipmi/poweroff_control.

Could somebody comment on the actual uses of that FPOS?  My preference would
be to remove the damn thing completely - it's too ugly to live.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux