RE: Resend [PATCH] netfilter: Fix copy_to_user too small size parametre.

From: David Laight
Date: Fri Mar 02 2012 - 04:06:10 EST

Next message: Rajendra Nayak: "Re: [PATCH 0/4] Start getting rid of pdata callbacks with gpio_find_by_chip_name()"
Previous message: Alex Shi: "Re: [RFC patch] cmpxchg_double: remove local variables to getbetter performance"
In reply to: santosh nayak: "Resend [PATCH] netfilter: Fix copy_to_user too small size parametre."
Next in thread: Pablo Neira Ayuso: "Re: Resend [PATCH] netfilter: Fix copy_to_user too small sizeparametre."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> - if (copy_to_user(hlp, m->u.match->name,
> EBT_FUNCTION_MAXNAMELEN))
> + char name[EBT_FUNCTION_MAXNAMELEN] = {};
> +
> + strncpy(name, m->u.match->name, sizeof(name));
> + if (copy_to_user(hlp, name, EBT_FUNCTION_MAXNAMELEN))
> return -EFAULT;

strncpy() is very rarely the function you are looking for.
In this case it MIGHT be right (since you do a fixed size
copy_to_user).
OTOH there is no need to also initialise name[].
And it isn't entirely clear whether the application
is allowed to be given a non-terminated string.

David

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rajendra Nayak: "Re: [PATCH 0/4] Start getting rid of pdata callbacks with gpio_find_by_chip_name()"
Previous message: Alex Shi: "Re: [RFC patch] cmpxchg_double: remove local variables to getbetter performance"
In reply to: santosh nayak: "Resend [PATCH] netfilter: Fix copy_to_user too small size parametre."
Next in thread: Pablo Neira Ayuso: "Re: Resend [PATCH] netfilter: Fix copy_to_user too small sizeparametre."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]