lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 12 Nov 2007 02:44:36 -0700
From: (Eric W. Biederman)
To:	Tetsuo Handa <>
Cc:	Andrew Morton <>,
Subject: Re: [PATCH] sysctl: Check length at deprecated_sysctl_warning.

Tetsuo Handa <> writes:

> Hello.
> Thanks for reformatting my patch
> and sorry for surprising you with directory name
> (I meant to type linux-2.6.24-rc2, not linux-2.6.22-rc2).
> According to linux-2.6.23,
> it seems that I should return -ENOTDIR
> for invalid args->nlen value.
> I got a question here regarding interpretation of CTL_MAXNAME .
> Is args->nlen == CTL_MAXNAME valid?
> It is treated as invalid while the definition says
>   /* how many path components do we allow in a
>      call to sysctl?   In other words, what is
>      the largest acceptable value for the nlen
>      member of a struct __sysctl_args to have? */
> If "name[CTL_MAXNAME];" is what the author intended,
> I think args->nlen == CTL_MAXNAME is valid.

name[CTL_MAXNAME} is not valid.
name[0...CTL_MAXNAME-1] is valid.

The check that got lost in the refactoring was specfically:

-       if (tmp.nlen <= 0 || tmp.nlen >= CTL_MAXNAME)
-               return -ENOTDIR;


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists