Re: Taking strlen of buffers copied from userspace

From: Randy.Dunlap
Date: Wed Mar 16 2005 - 00:37:34 EST


Robert Hancock wrote:
Randy.Dunlap wrote:

The latter one does (before the listed code):

	memset(line, 0, LINE_SIZE);
	if (len > LINE_SIZE)
		len = LINE_SIZE;
	if (copy_from_user(line, buf, len - 1))
		return -EFAULT;

so isn't line[LINE_SIZE - 1] always 0 ?


In that case, yes (I hadn't looked at the surrounding code). Rather an odd way of doing it, but shouldn't have that problem. Could still be subject to problems if buf contains a null at the first character, unless they're somehow preventing that too..

Yes, that's still a problem.

--
~Randy
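
Added example, not part of the original thread or the kernel source: a userspace C sketch of the sequence quoted above, showing why line[LINE_SIZE - 1] is always 0 and how a leading NUL can be handled. It assumes the caller goes on to use strlen(line) to find the last character (here, to strip a trailing newline); LINE_SIZE's value, fill_line(), strip_newline() and the len == 0 check are constructed for illustration, and memcpy() stands in for copy_from_user().

```c
#include <stdio.h>
#include <string.h>

#define LINE_SIZE 80 /* constructed value; the thread does not state it */

/* The quoted sequence, with memcpy() standing in for copy_from_user().
 * Rejecting len == 0 is an addition: len is size_t in this sketch, so
 * len - 1 would wrap to a huge count. */
static int fill_line(char line[LINE_SIZE], const char *buf, size_t len)
{
	memset(line, 0, LINE_SIZE);
	if (len == 0)
		return -1;
	if (len > LINE_SIZE)
		len = LINE_SIZE;
	memcpy(line, buf, len - 1);	/* at most LINE_SIZE - 1 bytes */
	return 0;
}

/* Strip one trailing newline. Checking n > 0 first means an empty string
 * (first byte NUL) never leads to an access at line[-1]. */
static size_t strip_newline(char *line)
{
	size_t n = strlen(line);

	if (n > 0 && line[n - 1] == '\n')
		line[--n] = '\0';
	return n;
}

int main(void)
{
	char line[LINE_SIZE], big[200];
	static const char nul_first[] = { '\0', 'x', 'y', '\n' }; /* constructed */

	memset(big, 'A', sizeof(big));
	fill_line(line, big, sizeof(big));
	printf("oversized: strlen=%zu last=%d\n", strlen(line), line[LINE_SIZE - 1]);

	fill_line(line, nul_first, sizeof(nul_first));
	printf("NUL first: len after strip=%zu\n", strip_newline(line));
	return 0;
}
```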