lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 12 Nov 2007 02:44:36 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] sysctl: Check length at deprecated_sysctl_warning.

Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp> writes:

> Hello.
>
> Thanks for reformatting my patch
> and sorry for surprising you with directory name
> (I meant to type linux-2.6.24-rc2, not linux-2.6.22-rc2).
>
> According to linux-2.6.23,
> it seems that I should return -ENOTDIR
> for invalid args->nlen value.
>
> I got a question here regarding interpretation of CTL_MAXNAME .
> Is args->nlen == CTL_MAXNAME valid?
> It is treated as invalid while the definition says
>
>   /* how many path components do we allow in a
>      call to sysctl?   In other words, what is
>      the largest acceptable value for the nlen
>      member of a struct __sysctl_args to have? */
>
> If "name[CTL_MAXNAME];" is what the author intended,
> I think args->nlen == CTL_MAXNAME is valid.

name[CTL_MAXNAME} is not valid.
name[0...CTL_MAXNAME-1] is valid.


The check that got lost in the refactoring was specfically:

-       if (tmp.nlen <= 0 || tmp.nlen >= CTL_MAXNAME)
-               return -ENOTDIR;

Eric

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists