From mboxrd@z Thu Jan 1 00:00:00 1970
From: Evgeniy Polyakov
Subject: Re: [2/2] osf: fixed /proc reading bug
Date: Mon, 23 Aug 2004 15:35:23 +0400
Sender: netfilter-devel-admin@lists.netfilter.org
Message-ID: <1093260922.21197.156.camel@uganda>
References: <20040822010358.79048eda@zanzibar.2ka.mipt.ru>
 <4127CCF9.2030505@trash.net> <4127E586.5000707@trash.net>
 <1093251429.21197.8.camel@uganda> <4129BF18.3010204@trash.net>
 <1093257059.21197.106.camel@uganda> <1093257554.21197.121.camel@uganda>
Reply-To: johnpol@2ka.mipt.ru
To: Patrick McHardy
Cc: Henrik Nordstrom, Harald Welte, netfilter-devel@lists.netfilter.org
In-Reply-To: <1093257554.21197.121.camel@uganda>
List-Id: netfilter-devel.vger.kernel.org

On Mon, 2004-08-23 at 14:39, Evgeniy Polyakov wrote:
> On Mon, 2004-08-23 at 14:30, Evgeniy Polyakov wrote:
> > On Mon, 2004-08-23 at 13:55, Patrick McHardy wrote:
> > > Evgeniy Polyakov wrote:
> > >
> > > >It simply checks if return value from snprintf is 0 and breaks,
> > > >otherwise it proceeds.
> > > >
> > > Still broken. snprintf returns a value > n if it truncated to n bytes.
> > > See my last mail again. BTW, did the overflow actually cause problems?
> > > proc has an extra k of space just for overflows ..
> >
> > If it truncates then we have [avoided] overflow and definitely will not
> > write anything after it (except zero-length snprintf) since
> > __count-count == 0 there.
>
> Actually <= 0 which is not good but avoids overflows.
> I can trigger overflow without patch (actually it was hard lockup without
> any messages).
>
> > Do you mean following:
> > list_for_each()
> > {
> >     snprintf();
> >     if (count > __count)
> >         break;
> > }
>
> Attached with check
> __count >= count + err;

I'm not smoking bad crack, but it needs to be
__count <= count + err;

Attached.

> >
> > >
> > > Regards
> > > Patrick
--
	Evgeniy Polyakov ( s0mbre )

Crash is better than data corruption. -- Art Grabowski

[Attachments: ipt_osf.diff, ipt_osf.diff.1]
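Added example, not part of the original message or its attached patch: the truncation check debated in this thread, written against C99 userspace `snprintf`, next to the unchecked accumulation it replaces. The struct, format string, function names and sample records are constructed for illustration.

```c
#include <stdio.h>
/* Constructed sample records; names are illustrative only. */
struct entry { const char *genre, *version, *details; };
static const struct entry sample[] = {
    { "Linux",   "2.6", "sample A" },   /* formats to 23 bytes */
    { "FreeBSD", "5.2", "sample B" },   /* 25 bytes */
    { "OpenBSD", "3.5", "sample C" },   /* 25 bytes */
};
#define FMT "%s - %s : %s\n"

/* Unchecked: the return value is added even after truncation, so count can
 * pass the buffer size. `left` only keeps this demo itself in bounds. */
size_t naive_count(char *buf, size_t size, const struct entry *e, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        size_t left = count < size ? size - count : 0;
        count += (size_t)snprintf(left ? buf + count : NULL, left, FMT,
                                  e[i].genre, e[i].version, e[i].details);
    }
    return count;
}

/* Checked: stop at the first record that does not fit completely.
 * Returns bytes used, excluding the NUL; always < size when size > 0. */
size_t dump_entries(char *buf, size_t size, const struct entry *e, size_t n)
{
    size_t used = 0;
    if (size == 0) return 0;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int err = snprintf(buf + used, size - used, FMT,
                           e[i].genre, e[i].version, e[i].details);
        /* err == space left is already truncation: the NUL needs a byte */
        if (err < 0 || (size_t)err >= size - used) {
            buf[used] = '\0';           /* discard the partial record */
            break;
        }
        used += (size_t)err;
    }
    return used;
}

int main(void)
{
    char buf[64];
    printf("checked=%zu\n", dump_entries(buf, sizeof buf, sample, 3));
    printf("naive=%zu\n", naive_count(buf, sizeof buf, sample, 3));
    return 0;
}
```

With a 64-byte buffer the checked loop stops at 48 bytes, while the unchecked counter reaches 73, so any later `size - count` computed from it would be negative (or wrap, as `size_t`).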