Hello.
In article <[email protected]> (at Fri, 30 Dec 2005 09:25:35 -0800 (PST)), Linus Torvalds <[email protected]> says:
> On Fri, 30 Dec 2005, Yi Yang wrote:
> >
> > If the user reads a sysctl entry which is of string type
> > by sysctl syscall, this call probably corrupts the user data
> > right after the old value buffer, the issue lies in sysctl_string
> > seting 0 to oldval[len], len is the available buffer size
> > specified by the user, obviously, this will write to the first
> > byte of the user memory place immediate after the old value buffer,
> > the correct way is that sysctl_string doesn't set 0, the user
> > should do it by self in the program.
:
> We _should_ zero-pad the data, at least if the result fits in the buffer.
:
> But even that is questionable: one alternative is to always zero-pad (like
> we used to), but make sure that the buffer size is sufficient for it (ie
> instead of adding one to the length of the string, we'd subtract one from
> the buffer length and make sure that the '\0' fits..
How about returning -ENOMEM, as BSDs (FreeBSD and NetBSD
at least) do. No?
--yoshfuji
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
