lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080205221805.GC6950@suse.de>
Date:	Tue, 5 Feb 2008 14:18:05 -0800
From:	Greg KH <gregkh@...e.de>
To:	Len Brown <lenb@...nel.org>
Cc:	linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH for review] ACPI: Create /sys/firmware/acpi/interrupts/
	counters

On Tue, Feb 05, 2008 at 02:30:10AM -0500, Len Brown wrote:
> # cat /sys/firmware/acpi/interrupts/summary
> pm_timer     0
> glbl_lock    0
> power_btn    0
> sleep_btn    0
> rtc          0
> gpe00    0
> gpe01    0
> gpe02    0
> gpe03    0
> gpe04    0
> gpe05    0
> gpe06    0
> gpe07    0
> gpe08    0
> gpe09    2
> gpe0A    0
> gpe0B    0
> gpe0C    0
> gpe0D    0
> gpe0E    0
> gpe0F    0
> gpe10    0
> gpe11   60
> gpe12    0
> gpe13    0
> gpe14    0
> gpe15    0
> gpe16    0
> gpe17    0
> gpe18    0
> gpe19    1
> gpe1A    0
> gpe1B    0
> gpe1C    0
> gpe1D    0
> gpe1E    0
> gpe1F    0
> gpe_hi    0
> gpe_total   63
> acpi_irq    63

Eeek!  Why?  What's wrong with individual files here?  What's to ensure
that you aren't going to overflow your buffer?  There's a reason we
don't have the seq file interface for sysfs, to prevent this very kind
of thing...


> +	/*
> +	 * General Purpose Events
> +	 */
> +	for (i = 0; i < number_of_gpes; i++) {
> +		count += sprintf(buf + count, "gpe%02X %4d\n",
> +			i, acpi_gpe_counters[i]);
> +	}

Nope, no error checking, fun chance of blowing the memory buffer :(

Please change the interface to not do this.

Oh, and for every new sysfs file, you need a Documentation/ABI/
addition, please also add that.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ