| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Mar 2007 14:49:27 -0700 (PDT) From: David Miller <davem@...emloft.net> To: da-x@...atomic.org Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] tcp_sendpage(): fix broken page iteration From: Dan Aloni <da-x@...atomic.org> Date: Sun, 18 Mar 2007 14:43:46 +0200 > do_tcp_sendpages() should not iterate 'pages' as an array since > it is not an array of 'struct page *', but a pointer to a single > entity of 'struct page *' passed on the stack as a parameter to > tcp_send_page() (hence it would crash if poffset + psize > PAGE_SIZE, > because pages[1] and beyond most probably not constitutes a valid > 'struct page *'). do_tcp_sendpages() should never get passed poffset+psize>PAGE_SIZE, that would be a bug. Feel free to add a BUG() check for that if you wish, and a fix for any caller which violates this. The code is perfectly fine as-is. It was originally written to accept page arrays, but once it was decided that ->sendpage() would only pass in one page, we simply modified to caller of do_tcp_sendpages() to accomodate this argument passing change, instead of changing do_tcp_sendpages() which is totally unnecessary. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists