lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4CEA8684.7060809@wincor-nixdorf.com>
Date:	Mon, 22 Nov 2010 16:04:36 +0100
From:	Frank Salomon <frank.salomon@...cor-nixdorf.com>
To:	linux-kernel@...r.kernel.org
Subject: [BUG 2.6.20.1] in drivers/usb/storage/scsiglue.c

Hi All,

please connect a memstick/pendrive to the usb port and try to read 
/proc/scsi/usb-storage/<#> in 2 ways:


int main ( int argc, char *argv[] )
{
	char c, buffer[20000];
	int fd, i;

	fd = open ( argv[1],  O_RDONLY, 0 );
	if ( fd >= 0 )
		{
		while ( read ( fd, &c , 1 ) > 0 )
			{
			write ( 1, &c, 1 );
			}
		close ( fd );
		}
	fd = open ( argv[1],  O_RDONLY, 0 );
	if ( fd >= 0 )
		{
		while ( (i = read ( fd, &buffer[0] , 20000 )) > 0 )
			{
			write ( 1, &buffer[0], i );
			}
		close ( fd );
		}
	
}

and you will get 2 results.


Error is in file drivers/usb/storage/scsiglue.c, macro SPRINTF. But we 
don't need the macro, because the buffer in 
fs/proc/generic.c:proc_file_read is one PAGE.
Solution is:

# diff -Naur linux_orig/drivers/usb/storage/scsiglue.c 
linux/drivers/usb/storage/scsiglue.c
--- linux_orig/drivers/usb/storage/scsiglue.c   2007-02-20 
07:34:32.000000000 +0100
+++ linux/drivers/usb/storage/scsiglue.c        2010-11-22 
17:13:16.000000000 +0100
@@ -329,25 +329,28 @@
  /***********************************************************************
   * /proc/scsi/ functions
   ***********************************************************************/
-
-/* we use this macro to help us write into the buffer */
+/*
+ * we use this macro to help us write into the buffer
+ *
  #undef SPRINTF
  #define SPRINTF(args...) \
         do { if (pos < buffer+length) pos += sprintf(pos, ## args); } 
while (0)
+*/

  static int proc_info (struct Scsi_Host *host, char *buffer,
                 char **start, off_t offset, int length, int inout)
  {
         struct us_data *us = host_to_us(host);
-       char *pos = buffer;
+       char *pos;
         const char *string;

         /* if someone is sending us data, just throw it away */
         if (inout)
                 return length;

+       pos = buffer;
         /* print the controller name */
-       SPRINTF("   Host scsi%d: usb-storage\n", host->host_no);
+       pos += sprintf ( pos, "   Host scsi%d: usb-storage\n", 
host->host_no);

         /* print product, vendor, and serial number strings */
         if (us->pusb_dev->manufacturer)
@@ -356,24 +359,27 @@
                 string = us->unusual_dev->vendorName;
         else
                 string = "Unknown";
-       SPRINTF("       Vendor: %s\n", string);
+       pos += sprintf ( pos, "       Vendor: %s\n", string);
+
         if (us->pusb_dev->product)
                 string = us->pusb_dev->product;
         else if (us->unusual_dev->productName)
                 string = us->unusual_dev->productName;
         else
                 string = "Unknown";
-       SPRINTF("      Product: %s\n", string);
+       pos += sprintf ( pos, "      Product: %s\n", string);
+
         if (us->pusb_dev->serial)
                 string = us->pusb_dev->serial;
         else
                 string = "None";
-       SPRINTF("Serial Number: %s\n", string);
+       pos += sprintf ( pos, "Serial Number: %s\n", string);

         /* show the protocol and transport */
-       SPRINTF("     Protocol: %s\n", us->protocol_name);
-       SPRINTF("    Transport: %s\n", us->transport_name);
+       pos += sprintf ( pos, "     Protocol: %s\n", us->protocol_name);

+       pos += sprintf ( pos, "    Transport: %s\n", us->transport_name);
+
         /* show the device flags */
         if (pos < buffer + length) {
                 pos += sprintf(pos, "       Quirks:");


Best regards, frank
(Please ignore the rest of this email)


WINCOR NIXDORF International GmbH
Sitz der Gesellschaft: Paderborn
Registergericht Paderborn HRB 3507
Geschäftsführer: Eckard Heidloff (Vorsitzender), Stefan Auerbach, Dr. Jürgen Wunram
Vorsitzender des Aufsichtsrats: Karl-Heinz Stiller
Steuernummer: 339/5884/0020 - Ust-ID Nr.: DE812927716 - WEEE-Reg.-Nr. DE44477193

Diese E-Mail enthält vertrauliche Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben,
informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This e-mail may contain confidential information.
If you are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail.
Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ