From: Andrew Morton <akpm@linux-foundation.org>
To: Ian Kent <raven@themaw.net>
Cc: autofs mailing list <autofs@linux.kernel.org>,
	Kernel Mailing List <linux-kernel@vger.kernel.org>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>
Subject: Re: [RESEND PATCH] autofs4 - remove string terminator check
Date: Mon, 27 Oct 2008 18:54:18 -0700
Message-ID: <20081027185418.0bfd0fcd.akpm@linux-foundation.org>
In-Reply-To: <20081028011430.4976.320.stgit@zeus.themaw.net>

On Tue, 28 Oct 2008 10:14:30 +0900 Ian Kent <raven@themaw.net> wrote:

> In a previous patch a comment was made that checking for the existence of
> a NULL terminator in strings copied from userspace wasn't needed as this
> is done in many places in the kernel without problem. This patch removes
> this string terminator check.
> 

ah, OK.  Now I'm worried.

> 
>  fs/autofs4/dev-ioctl.c |   20 --------------------
>  1 files changed, 0 insertions(+), 20 deletions(-)
> 
> diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c
> index 625abf5..304c1ff 100644
> --- a/fs/autofs4/dev-ioctl.c
> +++ b/fs/autofs4/dev-ioctl.c
> @@ -51,18 +51,6 @@ static int check_name(const char *name)
>  }
>  
>  /*
> - * Check a string doesn't overrun the chunk of
> - * memory we copied from user land.
> - */
> -static int invalid_str(char *str, void *end)
> -{
> -	while ((void *) str <= end)
> -		if (!*str++)
> -			return 0;
> -	return -EINVAL;
> -}
> -
> -/*
>   * Check that the user compiled against correct version of autofs
>   * misc device code.
>   *
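
Review bot: the loop bound in the removed invalid_str(), `while ((void *) str <= end)`, is inclusive, and the caller passes `end` as `param + param->size`, which is one byte past the buffer, so the helper itself could read one byte beyond the copied memory. If the check is kept in any form, the bound should be `<`. If it is dropped, the commit message should name what still guarantees a terminator inside param->size bytes; "done in many places in the kernel without problem" does not identify such a guarantee.
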
> @@ -143,14 +131,6 @@ static int validate_dev_ioctl(int cmd, struct autofs_dev_ioctl *param)
>  				    cmd);
>  			goto out;
>  		}
> -
> -		err = invalid_str(param->path,
> -				 (void *) ((size_t) param + param->size));
> -		if (err) {
> -			AUTOFS_WARN("invalid path supplied for cmd(0x%08x)",
> -				    cmd);
> -			goto out;
> -		}
>  	}
>  
>  	err = 0;
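
Review bot: after this removal validate_dev_ioctl() no longer verifies that param->path has a NUL within the `param->size` bytes copied from user land, so any later string function applied to param->path is bounded only by whatever happens to follow the buffer. The diffstat shows 0 insertions, so nothing replaces the check and the function's comment is left unchanged. Suggest either keeping a bounded scan (placed before the first string operation on the path) or stating in the changelog where termination is enforced, and updating the comment in the same patch.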

What will now happen if userspace passes in a non-null-terminated
string (if that's possible)?

Presumably that isn't possible, or it's never been tested, because
before we check for null-termination we run check_name(), which
_assumes_ null-termination!

The comment over validate_dev_ioctl() will need the "and is terminated"
removed after this change, yes?
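
The ordering concern in the message above, as an added user-space example that is not part of the original thread or of the autofs code: a bounded terminator scan runs before any function that assumes termination. `struct dev_param`, `path_terminated()`, `name_ok()`, `validate()` and `demo()` are hypothetical names, and the sample inputs are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the ioctl block: a size field, then the path. */
struct dev_param {
    uint32_t size;   /* total bytes supplied by the caller, header included */
    char path[];     /* expected to hold a NUL within those bytes */
};
#define HDR offsetof(struct dev_param, path)

/* Bounded scan: 0 if a NUL lies inside the copied region, else -EINVAL. */
static int path_terminated(const struct dev_param *p, size_t copied)
{
    if (p->size != copied || copied <= HDR)
        return -EINVAL;
    return memchr(p->path, '\0', copied - HDR) ? 0 : -EINVAL;
}

/* Hypothetical name rule; strchr() walks until a NUL, so it trusts the caller. */
static int name_ok(const char *name) { return strchr(name, '/') ? 0 : -EINVAL; }

/* Termination is established first, before any unbounded string function. */
static int validate(const struct dev_param *p, size_t copied)
{
    int err = path_terminated(p, copied);
    return err ? err : name_ok(p->path);
}

/* Constructed input: n path bytes placed in a buffer pre-filled with 'A'. */
static int demo(const char *bytes, size_t n)
{
    union { struct dev_param p; unsigned char raw[64]; } buf;
    if (n > sizeof(buf.raw) - HDR)
        return -EINVAL;
    memset(buf.raw, 'A', sizeof(buf.raw));  /* so a missing NUL stays missing */
    buf.p.size = (uint32_t)(HDR + n);
    memcpy(buf.p.path, bytes, n);
    return validate(&buf.p, HDR + n);
}

int main(void)
{
    printf("%d %d %d\n", demo("/mnt/a", 7), demo("/mnt/a", 6), demo("mnt", 4));
    return 0;
}
```

The second call copies six bytes without the terminator and is rejected by the bounded scan, so `name_ok()` never touches the unterminated buffer.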

