Re: uevent buffer overflow in input layer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday 24 January 2006 00:03, Greg KH wrote:
> On Mon, Jan 23, 2006 at 10:43:41AM +1100, Benjamin Herrenschmidt wrote:
> > Current -git as of today does this on an x86 box with a logitech USB
> > keyboard:
> > 
> > (the $$$ is debug stuff I added to print_modalias(), size is the size
> > passed in and "Total len" is the value of "len" before returning). We
> > end up overflowing, thus we pass a negative size to snprintf which
> > causes the WARN_ON. Bumping the uevent buffer size in lib/kobject_uevent.c
> > from 1024 to 2048 seems to fix the oops and /dev/input/mice is now properly
> > created and works (it doesn't without the fix, X fails and we end up back
> > in console with a dead keyboard).
> > 
> > I'm not sure it's the correct solution as I'm not too familiar with the
> > uevent code though, so I'll let you guys decide on the proper approach.
> 
> Yes, input has some big strings, I'd recommend bumping it up like you
> suggest.
> 
> Care to make up a patch as you found the problem and should get the
> credit?  :)
> 

Actually, is it too late to convert modalias data to the same format
(bitmap) we are using in /proc/bus/input/devices (keeping cutting key
info at KEY_MIN_INTERESTING)? It looks like it will be more compact
and let us keep 1024 bytes buffer...

-- 
Dmitry
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux