Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)
From: Jon Smirl
Date: Wed Apr 05 2006 - 13:06:54 EST
On 4/5/06, Al Viro <viro@xxxxxxxxxxxxxxxx> wrote:
> On Wed, Apr 05, 2006 at 12:34:49PM -0400, Jon Smirl wrote:
> > On 4/5/06, Al Viro <viro@xxxxxxxxxxxxxxxx> wrote:
> > > On Wed, Apr 05, 2006 at 07:09:28PM +0400, Sergey Vlasov wrote:
> > > > This will break the "color_map" sysfs file for framebuffers -
> > > > drivers/video/fbsysfs.c:store_cmap() expects to get exactly 4096 bytes
> > > > for a colormap with 256 entries. In fact, the original patch which
> > > > changed PAGE_SIZE - 1 to PAGE_SIZE:
> > >
> > > ... cheerfully assuming that nobody assumes NUL-termination and
> > > everyone (sysfs patch writers!) certainly uses the length argument.
> > > Fscking brilliant, that.
> >
> > Why does sysfs have two string length determination methods - both
> > NULL termination and a length parameter. It should be one or the
> > other, not both. Having both simply cause problems when some
> > developers implement one scheme and others only implement the other.
>
> Which part of "sysfs patches can be written by idiots and usually are"
> is too hard to understand? Oh, wait. I see... Well, nevermind, then...
I look forward to seeing your patches address these problems.
--
Jon Smirl
jonsmirl@xxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/