lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTikdLn3tBxYjSiWjnhv1L9duUNkpQBrAk5L9PafZ@mail.gmail.com>
Date:	Mon, 7 Feb 2011 13:52:12 +0100
From:	David Herrmann <dh.herrmann@...glemail.com>
To:	Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc:	Aristeu Rozanski <aris@...hedrallabs.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] uinput strnlen bugfix

> Hmm, not particularly fond with the construct, how about below instead?
>
> Btw, having "Signed-off-by: " from David would be nice.
>
> Thanks.
>
> --
> Dmitry
>
> Input: uinput - fix setting up device name
>
> From: David Herrmann <dh.herrmann@...glemail.com>
>
> The check for non-empty device name was botched since we tried to account
> for extra space for the terminating zero at the same time. Convert to
> kstrndup() to avoid this problem.
>
> Acked-by: Aristeu Rozanski <aris@...vo.org>
> Signed-off-by: Dmitry Torokhov <dtor@...l.ru>
> ---
>
>  drivers/input/misc/uinput.c |   13 ++++++-------
>  1 files changed, 6 insertions(+), 7 deletions(-)
>
>
> diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
> index 82542a1..c0888e3 100644
> --- a/drivers/input/misc/uinput.c
> +++ b/drivers/input/misc/uinput.c
> @@ -347,8 +347,7 @@ static int uinput_setup_device(struct uinput_device *udev, const char __user *bu
>  {
>        struct uinput_user_dev  *user_dev;
>        struct input_dev        *dev;
> -       char                    *name;
> -       int                     i, size;
> +       int                     i;
>        int                     retval;
>
>        if (count != sizeof(struct uinput_user_dev))
> @@ -373,19 +372,19 @@ static int uinput_setup_device(struct uinput_device *udev, const char __user *bu
>
>        udev->ff_effects_max = user_dev->ff_effects_max;
>
> -       size = strnlen(user_dev->name, UINPUT_MAX_NAME_SIZE) + 1;
> -       if (!size) {
> +       /* Ensure name is filled in */
> +       if (!user_dev->name[0]) {
>                retval = -EINVAL;
>                goto exit;
>        }
>
>        kfree(dev->name);
> -       dev->name = name = kmalloc(size, GFP_KERNEL);
> -       if (!name) {
> +       dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE,
> +                            GFP_KERNEL);
> +       if (!dev->name) {
>                retval = -ENOMEM;
>                goto exit;
>        }
> -       strlcpy(name, user_dev->name, size);
>
>        dev->id.bustype = user_dev->id.bustype;
>        dev->id.vendor  = user_dev->id.vendor;
>

This is definitely a better solution, yes. Thank you.
Signed-off-by: David Herrmann <dh.herrmann@...il.com>

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ