* [PATCH 2.4][RESEND] Bug in reading some files in /proc/<pid>/
@ 2004-01-07  5:10 Akinobu Mita
From: Akinobu Mita @ 2004-01-07  5:10 UTC
  To: marcelo.tosatti; +Cc: linux-kernel

Hi Marcelo,

I found a bug in 2.4. This problem has already been fixed in 2.6.

The following program could not detect Bad address
with /proc/<pid>/cmdline, stat, statm, ...

-----
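#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>

int main(int argc, char **argv)
{
    int fd, ret;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 1;
    }

    fd = open(argv[1], O_RDONLY);
    if (fd < 0) {
        perror("open");
        return 1;
    }

    /* NULL is not a valid user buffer: read() should fail with EFAULT */
    ret = read(fd, NULL, 4*1024); // Bad address
    printf("%s: %d\n", strerror(errno), ret);
    close(fd);
    return 0;
}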
-----

For example:

    $ ./a.out a.out
    Bad Address: -1

This result could be expected.
But...

    $ ./a.out /proc/1/stat
    Success: 214


--- linux-2.4.x/fs/proc/base.c.orig	2003-12-26 11:34:19.000000000 +0900
+++ linux-2.4.x/fs/proc/base.c	2004-01-07 13:32:12.000000000 +0900
@@ -357,8 +357,10 @@ static ssize_t proc_info_read(struct fil
 	if (count + *ppos > length)
 		count = length - *ppos;
 	end = count + *ppos;
-	copy_to_user(buf, (char *) page + *ppos, count);
-	*ppos = end;
+	if (copy_to_user(buf, (char *) page + *ppos, count))
+		count = -EFAULT;
+	else
+		*ppos = end;
 	free_page(page);
 	return count;
 }
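
Review bot: the new `count = -EFAULT;` line stores a negative errno in `count`, which the context lines above use as a byte count (`count + *ppos > length`). The declaration is not visible in this hunk, but if `count` is the unsigned size argument, the `return count;` path relies on an implicit unsigned-to-signed conversion to deliver -EFAULT; a separate signed return variable would make that explicit. The check also treats copy_to_user() as all-or-nothing: any nonzero return yields -EFAULT with `*ppos` left unchanged, even if part of the buffer was written, which is worth stating in the changelog.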


