| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Jan 2013 14:35:41 +0000 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: snakky.zhang@...il.com Cc: linux-kernel@...r.kernel.org Subject: Re: Is this a bug that n_tty_set_room not serialized? If so please correct it. On Wed, 23 Jan 2013 12:40:38 +0800 snakky.zhang@...il.com wrote: > Hi experts, > > Seems there is an bug related to function n_tty_set_roomin source file > drivers/tty/n_tty.c. This function is used to set receive_room based on > the read_cntby both the consumer and the producer of the tty's read buffer. > > But this function is not serialized, so I am afraid there is > a risk like: The producer make the buffer full and then call this > function to It's not entirely robust - it should be ok for current usage. The proper fix IMHO is to make the ldisc receive function return the number of bytes actually consumed. That cures the problem rather than patching around it. It's an interesting little project for someone, and as I think only n_tty uses that level of flow control probably not too horrible now. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists