lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1199434602.19185.1.camel@yangyi-dev.bj.intel.com>
Date:	Fri, 04 Jan 2008 16:16:42 +0800
From:	Yi Yang <yi.y.yang@...el.com>
To:	linux-acpi@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org, lenb@...nel.org,
	acpi-bugzilla@...ts.sourceforge.net
Subject: [PATCH linux-acpi] fix acpi fan state set error

Subject: ACPI: fix acpi fan state set error
From: Yi Yang <yi.y.yang@...el.com>

Under /proc/acpi, there is a fan control interface, a user can
set 0 or 3 to /proc/acpi/fan/*/state, 0 denotes D0 state, 3
denotes D3 state, but in current implementation, a user can
set a fan to D1 state by any char excluding '1', '2' and '3'.

For example:

[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost acpi]# echo "" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  on
[root@...alhost acpi]# echo "3" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost acpi]# echo "xxxxx" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  on

Obviously, such inputs as "" and "xxxxx" are invalid for fan state.

This patch fixes this issue, it strictly limits fan state only to
accept 0, 1, 2 and 3, any other inputs are invalid.

Before applying this patch, the test result is:

[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost acpi]# echo "" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  on
[root@...alhost acpi]# echo "3" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost acpi]# echo "xxxxx" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  on
[root@...alhost acpi]# echo "3" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost acpi]# echo "3x" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost acpi]# echo "-1x" > /proc/acpi/fan/C31B/state
[root@...alhost acpi]# cat /proc/acpi/fan/C31B/state
status:                  on
[root@...alhost acpi]#


After applying this patch, the test result is:

[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost ~]# echo "" > /proc/acpi/fan/C31B/state
-bash: echo: write error: Invalid argument
[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost ~]# echo "3" > /proc/acpi/fan/C31B/state
[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost ~]# echo "xxxxx" > /proc/acpi/fan/C31B/state
-bash: echo: write error: Invalid argument
[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost ~]# echo "-1x" > /proc/acpi/fan/C31B/state
-bash: echo: write error: Invalid argument
[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost ~]# echo "0" > //proc/acpi/fan/C31B/state
[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  on
[root@...alhost ~]# echo "4" > //proc/acpi/fan/C31B/state
-bash: echo: write error: Invalid argument
[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  on
[root@...alhost ~]# echo "3" > //proc/acpi/fan/C31B/state
[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  off
[root@...alhost ~]# echo "0" > //proc/acpi/fan/C31B/state
[root@...alhost ~]# cat /proc/acpi/fan/C31B/state
status:                  on
[root@...alhost ~]# echo "3x" > //proc/acpi/fan/C31B/state
-bash: echo: write error: Invalid argument
[root@...alhost ~]#


Signed-off-by: Yi Yang <yi.y.yang@...el.com>
---
 fan.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/acpi/fan.c b/drivers/acpi/fan.c
index a5a5532..53f7c72 100644
--- a/drivers/acpi/fan.c
+++ b/drivers/acpi/fan.c
@@ -98,7 +98,7 @@ acpi_fan_write_state(struct file *file, const char __user * buffer,
 	int result = 0;
 	struct seq_file *m = file->private_data;
 	struct acpi_device *device = m->private;
-	char state_string[12] = { '\0' };
+	char state_string[3] = { '\0' };
 
 	if (count > sizeof(state_string) - 1)
 		return -EINVAL;
@@ -107,6 +107,12 @@ acpi_fan_write_state(struct file *file, const char __user * buffer,
 		return -EFAULT;
 
 	state_string[count] = '\0';
+	if ((state_string[0] < '0') || (state_string[0] > '3'))
+		return -EINVAL;
+	if (state_string[1] == '\n')
+		state_string[1] = '\0';
+	if (state_string[1] != '\0')
+		return -EINVAL;
 
 	result = acpi_bus_set_power(device->handle,
 				    simple_strtoul(state_string, NULL, 0));


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ