From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
To: Patrick McHardy <kaber@trash.net>
Cc: Henrik Nordstrom <hno@marasystems.com>,
	Harald Welte <laforge@netfilter.org>,
	netfilter-devel@lists.netfilter.org
Subject: Re: [2/2] osf: fixed /proc reading bug
Date: Mon, 23 Aug 2004 14:30:59 +0400
Message-ID: <1093257059.21197.106.camel@uganda>
In-Reply-To: <4129BF18.3010204@trash.net>

[-- Attachment #1: Type: text/plain, Size: 4119 bytes --]

On Mon, 2004-08-23 at 13:55, Patrick McHardy wrote:
> Evgeniy Polyakov wrote:
> 
> >It simply checks if return value from snprintf is 0 and breaks,
> >otherwise it proceeds.
> >
> Still broken. snprintf returns a value > n if it truncated to n bytes.
> See my last mail again. BTW, did the overflow actually cause problems ?
> proc has an extra k of space just for overflows ..

If it truncates then we have [avoided] overflow and definitely will not
write anything after it (except zero-length snprintf) since
 __count-count == 0 there.

Do you mean the following:
	list_for_each()
	{
		snprintf();
		if (count > __count)
			break;
	}

> 
> Regards
> Patrick
> 
> >ipt_osf.diff.1 - patch for 2.6
> >ipt_osf.diff.1.24 - patch for 2.4
> >
> >Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
> >
> >  
> >
> >>Regards
> >>Patrick
> >>    
> >>
> >>------------------------------------------------------------------------
> >>
> >>--- netfilter_cvs/patch-o-matic-ng/osf/linux-2.4/net/ipv4/netfilter/ipt_osf.c	2004-08-22 00:54:44.000000000 +0400
> >>+++ netfilter_cvs/patch-o-matic-ng/osf/linux-2.4/net/ipv4/netfilter/ipt_osf.c	2004-08-20 22:36:24.000000000 +0400
> >>@@ -182,7 +185,6 @@
> >> 		optsize = tcp->doff*4 - sizeof(struct tcphdr);
> >> 	}
> >> 
> >>-	
> >> 	/* Actually we can create hash/table of all genres and search
> >> 	 * only in appropriate part, but here is initial variant,
> >> 	 * so will use slow path.
> >>@@ -601,9 +603,10 @@
> >> {
> >> 	struct list_head *ent;
> >> 	struct osf_finger *f = NULL;
> >>-	int i;
> >>+	int i, __count, err;
> >> 	
> >> 	*eof = 1;
> >>+	__count = count;
> >> 	count = 0;
> >> 
> >> 	read_lock_bh(&osf_lock);
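Review bot: On the `int i, __count, err;` line, `__count` is a double-underscore name for what is really the caller's buffer limit, while `count` is zeroed and reused as the running offset. A name such as `size` or `buflen` for the saved limit would make the `__count-count` arithmetic in the later hunks easier to audit, and `err` is a misleading name for a variable that holds a length.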
> >>@@ -613,10 +616,13 @@
> >> 
> >> 		log("%s [%s]", f->genre, f->details);
> >> 		
> >>-		count += sprintf(buf+count, "%s - %s[%s] : %s", 
> >>+		err = snprintf(buf+count, __count-count, "%s - %s[%s] : %s", 
> >> 					f->genre, f->version,
> >> 					f->subtype, f->details);
> >>-		
> >>+		if (err == 0)
> >>+			break;
> >>+		else
> >>+			count += err;
> >> 		if (f->opt_num)
> >> 		{
> >> 			loga(" OPT: ");
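Review bot: The `if (err == 0)` test after the first `snprintf` does not detect truncation. snprintf returns the length the full string would have had, so on a truncated write `err` is at least `__count-count`, the `else` branch runs, and `count` moves past `__count`; the next call then gets a negative `__count-count` as its size argument. Compare against the remaining space before adding, for example `if (err >= __count - count) break;`, and decide whether a partially written record should be kept or rolled back.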
> >>@@ -630,7 +636,11 @@
> >> 			}
> >> 		}
> >> 		loga("\n");
> >>-		count += sprintf(buf+count, "\n");
> >>+		err = snprintf(buf+count, __count-count, "\n");
> >>+		if (err == 0)
> >>+			break;
> >>+		else
> >>+			count += err;
> >> 	}
> >> 	read_unlock_bh(&osf_lock);
> >> 
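Review bot: On the `snprintf(buf+count, __count-count, "\n")` line, the return value is 1 regardless of how much room is left, so `if (err == 0) break;` can never fire here and `count` is still incremented when the newline did not fit. Use the same remaining-space comparison as for the record line, so that `count` never exceeds `__count` when the loop exits.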
> >>    
> >>
-- 
	Evgeniy Polyakov ( s0mbre )

Crash is better than data corruption. -- Art Grabowski

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
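The truncation rule the thread is arguing about, as an added example that is not code from this thread or from ipt_osf.c: a bounded append loop that treats a return value greater than or equal to the remaining space as truncation and rolls the partial record back. It uses userspace C99 `snprintf`; `struct finger`, `dump_fingers` and the sample records are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the four strings the patch formats. */
struct finger { const char *genre, *version, *subtype, *details; };

/* Constructed sample records, not real fingerprints. */
static const struct finger sample[] = {
    { "Linux",   "2.4",  "",    "sample-a" },
    { "Windows", "2000", "SP4", "sample-b" },
    { "FreeBSD", "5.2",  "",    "sample-c" },
};

/*
 * Write one line per record into buf[size]. Returns the bytes used (not
 * counting the NUL); *dropped is the number of records that did not fit.
 * Only whole records are kept, and used < size holds on every iteration.
 */
static size_t dump_fingers(char *buf, size_t size, const struct finger *f,
                           size_t n, size_t *dropped)
{
    size_t used = 0, i;

    *dropped = n;
    if (size == 0)
        return 0;
    buf[0] = '\0';
    for (i = 0; i < n; i++) {
        size_t room = size - used;      /* cannot wrap: used < size */
        int len = snprintf(buf + used, room, "%s - %s[%s] : %s\n",
                           f[i].genre, f[i].version,
                           f[i].subtype, f[i].details);
        /* len is the untruncated length, so len >= room means truncation. */
        if (len < 0 || (size_t)len >= room) {
            buf[used] = '\0';           /* roll back the partial record */
            break;
        }
        used += (size_t)len;
    }
    *dropped = n - i;
    return used;
}

int main(void)
{
    char buf[40];
    size_t dropped, used = dump_fingers(buf, sizeof buf, sample, 3, &dropped);

    printf("%zu bytes, %zu dropped\n%s", used, dropped, buf);
    return 0;
}
```

A record whose length equals the remaining space exactly is still counted as truncated, because the terminating NUL needs one more byte.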
