| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0703240011420.29565@twin.jikos.cz> Date: Sat, 24 Mar 2007 00:18:10 +0100 (CET) From: Jiri Kosina <jikos@...os.cz> To: Michael Tokarev <mjt@....msk.ru> cc: Eric Dumazet <dada1@...mosbay.com>, Tomas M <tomas@...x.org>, linux-kernel@...r.kernel.org Subject: Re: [patch] [bugfix] loop.c On Fri, 23 Mar 2007, Michael Tokarev wrote: > Speaking of which, I wonder... Here, and in many other places. > If some variable is marked as MODULE_PARAM (or whatever it is called > nowadays), used in module init routine, AND subsequently used for > various bound checks and loops... [...] > and so on. Together with: > # modprobe foo n=10 > # echo 20 > /sys/module/foo/parameters/n > After that, we have 10 entries in mem[], and n is equal to 20, so the > for-loop above will be up to i=19. Which will reference unallocated > memory.... Amd I dreaming? This can be solved either by using module_param_call() in every module, and properly handling the "asynchronous" changes of module parameter, or by just disallowing the parameter from being tuned through sysfs completely (by setting the 'permissions' parameter of module_param() to zero ... which is what many drivers do anyway, I'd guess). -- Jiri Kosina - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists