[patch] eicon: make buffer larger

All of lore.kernel.org
 help / color / mirror / Atom feed

* [patch] eicon: make buffer larger
@ 2010-10-04 19:24 ` Dan Carpenter
  0 siblings, 0 replies; 20+ messages in thread
From: Dan Carpenter @ 2010-10-04 19:24 UTC (permalink / raw)
  To: Armin Schindler; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

In diva_mnt_add_xdi_adapter() we do this:
  strcpy (clients[id].drvName,     tmp);
  strcpy (clients[id].Dbg.drvName, tmp);

The "clients[id].drvName" is a 128 character buffer and
"clients[id].Dbg.drvName" was originally a 16 character buffer but I've
changed it to 128 as well.  We don't actually use 128 characters but we
do use more than 16.

I've also changed the size of "tmp" to 128 characters instead of 256.

Signed-off-by: Dan Carpenter <error27@gmail.com>

diff --git a/drivers/isdn/hardware/eicon/debuglib.h b/drivers/isdn/hardware/eicon/debuglib.h
index 8ea5877..02eed6b 100644
--- a/drivers/isdn/hardware/eicon/debuglib.h
+++ b/drivers/isdn/hardware/eicon/debuglib.h
@@ -249,7 +249,7 @@ typedef struct _DbgHandle_
  }     regTime ;  /* timestamp for registration       */
  void               *pIrp ;   /* ptr to pending i/o request       */
  unsigned long       dbgMask ;  /* current debug mask               */
- char                drvName[16] ; /* ASCII name of registered driver  */
+ char                drvName[128] ; /* ASCII name of registered driver  */
  char                drvTag[64] ; /* revision string     */
  DbgEnd              dbg_end ;  /* function for debug closing       */
  DbgLog              dbg_prt ;  /* function for debug appending     */
diff --git a/drivers/isdn/hardware/eicon/debug.c b/drivers/isdn/hardware/eicon/debug.c
index 33ce89e..3626401 100644
--- a/drivers/isdn/hardware/eicon/debug.c
+++ b/drivers/isdn/hardware/eicon/debug.c
@@ -862,7 +862,7 @@ void diva_mnt_add_xdi_adapter (const DESCRIPTOR* d) {
   diva_os_spin_lock_magic_t old_irql, old_irql1;
   dword sec, usec, logical, serial, org_mask;
   int id, best_id = 0, free_id = -1;
-  char tmp[256];
+  char tmp[128];
   diva_dbg_entry_head_t* pmsg = NULL;
   int len;
   word size;

^ permalink raw reply related	[flat|nested] 20+ messages in thread

* [patch] eicon: make buffer larger
@ 2010-10-04 19:24 ` Dan Carpenter
  0 siblings, 0 replies; 20+ messages in thread
From: Dan Carpenter @ 2010-10-04 19:24 UTC (permalink / raw)
  To: Armin Schindler; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

In diva_mnt_add_xdi_adapter() we do this:
  strcpy (clients[id].drvName,     tmp);
  strcpy (clients[id].Dbg.drvName, tmp);

The "clients[id].drvName" is a 128 character buffer and
"clients[id].Dbg.drvName" was originally a 16 character buffer but I've
changed it to 128 as well.  We don't actually use 128 characters but we
do use more than 16.

I've also changed the size of "tmp" to 128 characters instead of 256.

Signed-off-by: Dan Carpenter <error27@gmail.com>

diff --git a/drivers/isdn/hardware/eicon/debuglib.h b/drivers/isdn/hardware/eicon/debuglib.h
index 8ea5877..02eed6b 100644
--- a/drivers/isdn/hardware/eicon/debuglib.h
+++ b/drivers/isdn/hardware/eicon/debuglib.h
@@ -249,7 +249,7 @@ typedef struct _DbgHandle_
  }     regTime ;  /* timestamp for registration       */
  void               *pIrp ;   /* ptr to pending i/o request       */
  unsigned long       dbgMask ;  /* current debug mask               */
- char                drvName[16] ; /* ASCII name of registered driver  */
+ char                drvName[128] ; /* ASCII name of registered driver  */
  char                drvTag[64] ; /* revision string     */
  DbgEnd              dbg_end ;  /* function for debug closing       */
  DbgLog              dbg_prt ;  /* function for debug appending     */
diff --git a/drivers/isdn/hardware/eicon/debug.c b/drivers/isdn/hardware/eicon/debug.c
index 33ce89e..3626401 100644
--- a/drivers/isdn/hardware/eicon/debug.c
+++ b/drivers/isdn/hardware/eicon/debug.c
@@ -862,7 +862,7 @@ void diva_mnt_add_xdi_adapter (const DESCRIPTOR* d) {
   diva_os_spin_lock_magic_t old_irql, old_irql1;
   dword sec, usec, logical, serial, org_mask;
   int id, best_id = 0, free_id = -1;
-  char tmp[256];
+  char tmp[128];
   diva_dbg_entry_head_t* pmsg = NULL;
   int len;
   word size;

^ permalink raw reply related	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-04 19:24 ` Dan Carpenter
@ 2010-10-06  7:25   ` Armin Schindler
  -1 siblings, 0 replies; 20+ messages in thread
From: Armin Schindler @ 2010-10-06  7:25 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Mon, 4 Oct 2010, Dan Carpenter wrote:
> In diva_mnt_add_xdi_adapter() we do this:
>  strcpy (clients[id].drvName,     tmp);
>  strcpy (clients[id].Dbg.drvName, tmp);
>
> The "clients[id].drvName" is a 128 character buffer and
> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
> changed it to 128 as well.  We don't actually use 128 characters but we
> do use more than 16.

I don't see any reason for that change. The driver names here do not use 
more than 16 characters and when filled, the length is checked anyway.
Please avoid changing the size of that structure.

Armin

> I've also changed the size of "tmp" to 128 characters instead of 256.
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
>
> diff --git a/drivers/isdn/hardware/eicon/debuglib.h b/drivers/isdn/hardware/eicon/debuglib.h
> index 8ea5877..02eed6b 100644
> --- a/drivers/isdn/hardware/eicon/debuglib.h
> +++ b/drivers/isdn/hardware/eicon/debuglib.h
> @@ -249,7 +249,7 @@ typedef struct _DbgHandle_
>  }     regTime ;  /* timestamp for registration       */
>  void               *pIrp ;   /* ptr to pending i/o request       */
>  unsigned long       dbgMask ;  /* current debug mask               */
> - char                drvName[16] ; /* ASCII name of registered driver  */
> + char                drvName[128] ; /* ASCII name of registered driver  */
>  char                drvTag[64] ; /* revision string     */
>  DbgEnd              dbg_end ;  /* function for debug closing       */
>  DbgLog              dbg_prt ;  /* function for debug appending     */
> diff --git a/drivers/isdn/hardware/eicon/debug.c b/drivers/isdn/hardware/eicon/debug.c
> index 33ce89e..3626401 100644
> --- a/drivers/isdn/hardware/eicon/debug.c
> +++ b/drivers/isdn/hardware/eicon/debug.c
> @@ -862,7 +862,7 @@ void diva_mnt_add_xdi_adapter (const DESCRIPTOR* d) {
>   diva_os_spin_lock_magic_t old_irql, old_irql1;
>   dword sec, usec, logical, serial, org_mask;
>   int id, best_id = 0, free_id = -1;
> -  char tmp[256];
> +  char tmp[128];
>   diva_dbg_entry_head_t* pmsg = NULL;
>   int len;
>   word size;
>

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-06  7:25   ` Armin Schindler
  0 siblings, 0 replies; 20+ messages in thread
From: Armin Schindler @ 2010-10-06  7:25 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Mon, 4 Oct 2010, Dan Carpenter wrote:
> In diva_mnt_add_xdi_adapter() we do this:
>  strcpy (clients[id].drvName,     tmp);
>  strcpy (clients[id].Dbg.drvName, tmp);
>
> The "clients[id].drvName" is a 128 character buffer and
> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
> changed it to 128 as well.  We don't actually use 128 characters but we
> do use more than 16.

I don't see any reason for that change. The driver names here do not use 
more than 16 characters and when filled, the length is checked anyway.
Please avoid changing the size of that structure.

Armin

> I've also changed the size of "tmp" to 128 characters instead of 256.
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
>
> diff --git a/drivers/isdn/hardware/eicon/debuglib.h b/drivers/isdn/hardware/eicon/debuglib.h
> index 8ea5877..02eed6b 100644
> --- a/drivers/isdn/hardware/eicon/debuglib.h
> +++ b/drivers/isdn/hardware/eicon/debuglib.h
> @@ -249,7 +249,7 @@ typedef struct _DbgHandle_
>  }     regTime ;  /* timestamp for registration       */
>  void               *pIrp ;   /* ptr to pending i/o request       */
>  unsigned long       dbgMask ;  /* current debug mask               */
> - char                drvName[16] ; /* ASCII name of registered driver  */
> + char                drvName[128] ; /* ASCII name of registered driver  */
>  char                drvTag[64] ; /* revision string     */
>  DbgEnd              dbg_end ;  /* function for debug closing       */
>  DbgLog              dbg_prt ;  /* function for debug appending     */
> diff --git a/drivers/isdn/hardware/eicon/debug.c b/drivers/isdn/hardware/eicon/debug.c
> index 33ce89e..3626401 100644
> --- a/drivers/isdn/hardware/eicon/debug.c
> +++ b/drivers/isdn/hardware/eicon/debug.c
> @@ -862,7 +862,7 @@ void diva_mnt_add_xdi_adapter (const DESCRIPTOR* d) {
>   diva_os_spin_lock_magic_t old_irql, old_irql1;
>   dword sec, usec, logical, serial, org_mask;
>   int id, best_id = 0, free_id = -1;
> -  char tmp[256];
> +  char tmp[128];
>   diva_dbg_entry_head_t* pmsg = NULL;
>   int len;
>   word size;
>

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-06  7:25   ` Armin Schindler
@ 2010-10-06  7:47     ` Dan Carpenter
  -1 siblings, 0 replies; 20+ messages in thread
From: Dan Carpenter @ 2010-10-06  7:47 UTC (permalink / raw)
  To: Armin Schindler; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>> In diva_mnt_add_xdi_adapter() we do this:
>>  strcpy (clients[id].drvName,     tmp);
>>  strcpy (clients[id].Dbg.drvName, tmp);
>>
>> The "clients[id].drvName" is a 128 character buffer and
>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>> changed it to 128 as well.  We don't actually use 128 characters but we
>> do use more than 16.
>
> I don't see any reason for that change. The driver names here do not use  
> more than 16 characters and when filled, the length is checked anyway.
> Please avoid changing the size of that structure.
>

drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
   874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
                           12345678 90123 45 67

	That's a minimum 17 characters.

   875               (int)logical,
   876               serial & 0x00ffffff,
   877               (byte)(((serial & 0xff000000) >> 24) + 1));
   878    } else {
   879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
   880    }

regards,
dan carpenter

> Armin


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-06  7:47     ` Dan Carpenter
  0 siblings, 0 replies; 20+ messages in thread
From: Dan Carpenter @ 2010-10-06  7:47 UTC (permalink / raw)
  To: Armin Schindler; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>> In diva_mnt_add_xdi_adapter() we do this:
>>  strcpy (clients[id].drvName,     tmp);
>>  strcpy (clients[id].Dbg.drvName, tmp);
>>
>> The "clients[id].drvName" is a 128 character buffer and
>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>> changed it to 128 as well.  We don't actually use 128 characters but we
>> do use more than 16.
>
> I don't see any reason for that change. The driver names here do not use  
> more than 16 characters and when filled, the length is checked anyway.
> Please avoid changing the size of that structure.
>

drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
   874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
                           12345678 90123 45 67

	That's a minimum 17 characters.

   875               (int)logical,
   876               serial & 0x00ffffff,
   877               (byte)(((serial & 0xff000000) >> 24) + 1));
   878    } else {
   879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
   880    }

regards,
dan carpenter

> Armin


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-06  7:47     ` Dan Carpenter
@ 2010-10-06  8:16       ` walter harms
  -1 siblings, 0 replies; 20+ messages in thread
From: walter harms @ 2010-10-06  8:16 UTC (permalink / raw)
  To: Dan Carpenter, Armin Schindler, Karsten Keil, netdev,
	linux-kernel, kernel-janitors



Dan Carpenter schrieb:
> On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
>> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>>> In diva_mnt_add_xdi_adapter() we do this:
>>>  strcpy (clients[id].drvName,     tmp);
>>>  strcpy (clients[id].Dbg.drvName, tmp);
>>>
>>> The "clients[id].drvName" is a 128 character buffer and
>>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>>> changed it to 128 as well.  We don't actually use 128 characters but we
>>> do use more than 16.
>> I don't see any reason for that change. The driver names here do not use  
>> more than 16 characters and when filled, the length is checked anyway.
>> Please avoid changing the size of that structure.
>>
> 
> drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
>    874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
>                            12345678 90123 45 67
> 
> 	That's a minimum 17 characters.
> 
>    875               (int)logical,
>    876               serial & 0x00ffffff,
>    877               (byte)(((serial & 0xff000000) >> 24) + 1));
>    878    } else {
>    879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
>    880    }
> 


for that reason i am a fan of kasprintf().
Maybe this a solution here also ? samething like:

kasprintf (&buf, "ADAPTER:%d SN:%u-%d",12345678,90123,45,67):
...
kstrncpy(tmp,buf,sizeof(buf));
....
free(buf);

that would keep overflows away until the changes in the structure are ready.

re,
 wh

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-06  8:16       ` walter harms
  0 siblings, 0 replies; 20+ messages in thread
From: walter harms @ 2010-10-06  8:16 UTC (permalink / raw)
  To: Dan Carpenter, Armin Schindler, Karsten Keil, netdev,
	linux-kernel, kernel-janitors



Dan Carpenter schrieb:
> On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
>> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>>> In diva_mnt_add_xdi_adapter() we do this:
>>>  strcpy (clients[id].drvName,     tmp);
>>>  strcpy (clients[id].Dbg.drvName, tmp);
>>>
>>> The "clients[id].drvName" is a 128 character buffer and
>>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>>> changed it to 128 as well.  We don't actually use 128 characters but we
>>> do use more than 16.
>> I don't see any reason for that change. The driver names here do not use  
>> more than 16 characters and when filled, the length is checked anyway.
>> Please avoid changing the size of that structure.
>>
> 
> drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
>    874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
>                            12345678 90123 45 67
> 
> 	That's a minimum 17 characters.
> 
>    875               (int)logical,
>    876               serial & 0x00ffffff,
>    877               (byte)(((serial & 0xff000000) >> 24) + 1));
>    878    } else {
>    879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
>    880    }
> 


for that reason i am a fan of kasprintf().
Maybe this a solution here also ? samething like:

kasprintf (&buf, "ADAPTER:%d SN:%u-%d",12345678,90123,45,67):
...
kstrncpy(tmp,buf,sizeof(buf));
....
free(buf);

that would keep overflows away until the changes in the structure are ready.

re,
 wh

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-06  7:47     ` Dan Carpenter
@ 2010-10-06  8:21       ` Armin Schindler
  -1 siblings, 0 replies; 20+ messages in thread
From: Armin Schindler @ 2010-10-06  8:21 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, 6 Oct 2010, Dan Carpenter wrote:
> On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
>> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>>> In diva_mnt_add_xdi_adapter() we do this:
>>>  strcpy (clients[id].drvName,     tmp);
>>>  strcpy (clients[id].Dbg.drvName, tmp);
>>>
>>> The "clients[id].drvName" is a 128 character buffer and
>>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>>> changed it to 128 as well.  We don't actually use 128 characters but we
>>> do use more than 16.
>>
>> I don't see any reason for that change. The driver names here do not use
>> more than 16 characters and when filled, the length is checked anyway.
>> Please avoid changing the size of that structure.
>>
>
> drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
>   874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
>                           12345678 90123 45 67
>
> 	That's a minimum 17 characters.
>
>   875               (int)logical,
>   876               serial & 0x00ffffff,
>   877               (byte)(((serial & 0xff000000) >> 24) + 1));
>   878    } else {
>   879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
>   880    }

this is tmp with a bigger size. It seems you are mixing the sizes of 
drvName and tmp.

Armin

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-06  8:21       ` Armin Schindler
  0 siblings, 0 replies; 20+ messages in thread
From: Armin Schindler @ 2010-10-06  8:21 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, 6 Oct 2010, Dan Carpenter wrote:
> On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
>> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>>> In diva_mnt_add_xdi_adapter() we do this:
>>>  strcpy (clients[id].drvName,     tmp);
>>>  strcpy (clients[id].Dbg.drvName, tmp);
>>>
>>> The "clients[id].drvName" is a 128 character buffer and
>>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>>> changed it to 128 as well.  We don't actually use 128 characters but we
>>> do use more than 16.
>>
>> I don't see any reason for that change. The driver names here do not use
>> more than 16 characters and when filled, the length is checked anyway.
>> Please avoid changing the size of that structure.
>>
>
> drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
>   874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
>                           12345678 90123 45 67
>
> 	That's a minimum 17 characters.
>
>   875               (int)logical,
>   876               serial & 0x00ffffff,
>   877               (byte)(((serial & 0xff000000) >> 24) + 1));
>   878    } else {
>   879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
>   880    }

this is tmp with a bigger size. It seems you are mixing the sizes of 
drvName and tmp.

Armin

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-06  8:21       ` Armin Schindler
@ 2010-10-06  8:31         ` Dan Carpenter
  -1 siblings, 0 replies; 20+ messages in thread
From: Dan Carpenter @ 2010-10-06  8:31 UTC (permalink / raw)
  To: Armin Schindler; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, Oct 06, 2010 at 10:21:02AM +0200, Armin Schindler wrote:
> On Wed, 6 Oct 2010, Dan Carpenter wrote:
>> On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
>>> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>>>> In diva_mnt_add_xdi_adapter() we do this:
>>>>  strcpy (clients[id].drvName,     tmp);
>>>>  strcpy (clients[id].Dbg.drvName, tmp);
>>>>
>>>> The "clients[id].drvName" is a 128 character buffer and
>>>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>>>> changed it to 128 as well.  We don't actually use 128 characters but we
>>>> do use more than 16.
>>>
>>> I don't see any reason for that change. The driver names here do not use
>>> more than 16 characters and when filled, the length is checked anyway.
>>> Please avoid changing the size of that structure.
>>>
>>
>> drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
>>   874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
>>                           12345678 90123 45 67
>>
>> 	That's a minimum 17 characters.
>>
>>   875               (int)logical,
>>   876               serial & 0x00ffffff,
>>   877               (byte)(((serial & 0xff000000) >> 24) + 1));
>>   878    } else {
>>   879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
>>   880    }
>
> this is tmp with a bigger size. It seems you are mixing the sizes of  
> drvName and tmp.
>

What I mean is that later on we use strcpy() to copy "tmp" into
"clients[id].Dbg.drvName"

   927    strcpy (clients[id].drvName,     tmp);
   928    strcpy (clients[id].Dbg.drvName, tmp);
                               ^
                    this buffer is only 16 chars

regards,
dan carpenter

> Armin

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-06  8:31         ` Dan Carpenter
  0 siblings, 0 replies; 20+ messages in thread
From: Dan Carpenter @ 2010-10-06  8:31 UTC (permalink / raw)
  To: Armin Schindler; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, Oct 06, 2010 at 10:21:02AM +0200, Armin Schindler wrote:
> On Wed, 6 Oct 2010, Dan Carpenter wrote:
>> On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
>>> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>>>> In diva_mnt_add_xdi_adapter() we do this:
>>>>  strcpy (clients[id].drvName,     tmp);
>>>>  strcpy (clients[id].Dbg.drvName, tmp);
>>>>
>>>> The "clients[id].drvName" is a 128 character buffer and
>>>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>>>> changed it to 128 as well.  We don't actually use 128 characters but we
>>>> do use more than 16.
>>>
>>> I don't see any reason for that change. The driver names here do not use
>>> more than 16 characters and when filled, the length is checked anyway.
>>> Please avoid changing the size of that structure.
>>>
>>
>> drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
>>   874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
>>                           12345678 90123 45 67
>>
>> 	That's a minimum 17 characters.
>>
>>   875               (int)logical,
>>   876               serial & 0x00ffffff,
>>   877               (byte)(((serial & 0xff000000) >> 24) + 1));
>>   878    } else {
>>   879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
>>   880    }
>
> this is tmp with a bigger size. It seems you are mixing the sizes of  
> drvName and tmp.
>

What I mean is that later on we use strcpy() to copy "tmp" into
"clients[id].Dbg.drvName"

   927    strcpy (clients[id].drvName,     tmp);
   928    strcpy (clients[id].Dbg.drvName, tmp);
                               ^
                    this buffer is only 16 chars

regards,
dan carpenter

> Armin

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-06  8:31         ` Dan Carpenter
@ 2010-10-06  8:44           ` Armin Schindler
  -1 siblings, 0 replies; 20+ messages in thread
From: Armin Schindler @ 2010-10-06  8:44 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, 6 Oct 2010, Dan Carpenter wrote:
> On Wed, Oct 06, 2010 at 10:21:02AM +0200, Armin Schindler wrote:
>> On Wed, 6 Oct 2010, Dan Carpenter wrote:
>>> On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
>>>> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>>>>> In diva_mnt_add_xdi_adapter() we do this:
>>>>>  strcpy (clients[id].drvName,     tmp);
>>>>>  strcpy (clients[id].Dbg.drvName, tmp);
>>>>>
>>>>> The "clients[id].drvName" is a 128 character buffer and
>>>>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>>>>> changed it to 128 as well.  We don't actually use 128 characters but we
>>>>> do use more than 16.
>>>>
>>>> I don't see any reason for that change. The driver names here do not use
>>>> more than 16 characters and when filled, the length is checked anyway.
>>>> Please avoid changing the size of that structure.
>>>>
>>>
>>> drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
>>>   874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
>>>                           12345678 90123 45 67
>>>
>>> 	That's a minimum 17 characters.
>>>
>>>   875               (int)logical,
>>>   876               serial & 0x00ffffff,
>>>   877               (byte)(((serial & 0xff000000) >> 24) + 1));
>>>   878    } else {
>>>   879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
>>>   880    }
>>
>> this is tmp with a bigger size. It seems you are mixing the sizes of
>> drvName and tmp.
>>
>
> What I mean is that later on we use strcpy() to copy "tmp" into
> "clients[id].Dbg.drvName"
>
>   927    strcpy (clients[id].drvName,     tmp);
>   928    strcpy (clients[id].Dbg.drvName, tmp);
>                               ^
>                    this buffer is only 16 chars

Now I understand. You are right. So the fix would be to change these 
strcpy() to e.g. strncpy() or similar.

Armin


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-06  8:44           ` Armin Schindler
  0 siblings, 0 replies; 20+ messages in thread
From: Armin Schindler @ 2010-10-06  8:44 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, 6 Oct 2010, Dan Carpenter wrote:
> On Wed, Oct 06, 2010 at 10:21:02AM +0200, Armin Schindler wrote:
>> On Wed, 6 Oct 2010, Dan Carpenter wrote:
>>> On Wed, Oct 06, 2010 at 09:25:44AM +0200, Armin Schindler wrote:
>>>> On Mon, 4 Oct 2010, Dan Carpenter wrote:
>>>>> In diva_mnt_add_xdi_adapter() we do this:
>>>>>  strcpy (clients[id].drvName,     tmp);
>>>>>  strcpy (clients[id].Dbg.drvName, tmp);
>>>>>
>>>>> The "clients[id].drvName" is a 128 character buffer and
>>>>> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
>>>>> changed it to 128 as well.  We don't actually use 128 characters but we
>>>>> do use more than 16.
>>>>
>>>> I don't see any reason for that change. The driver names here do not use
>>>> more than 16 characters and when filled, the length is checked anyway.
>>>> Please avoid changing the size of that structure.
>>>>
>>>
>>> drivers/isdn/hardware/eicon/debug.c diva_mnt_add_xdi_adapter()
>>>   874      sprintf (tmp, "ADAPTER:%d SN:%u-%d",
>>>                           12345678 90123 45 67
>>>
>>> 	That's a minimum 17 characters.
>>>
>>>   875               (int)logical,
>>>   876               serial & 0x00ffffff,
>>>   877               (byte)(((serial & 0xff000000) >> 24) + 1));
>>>   878    } else {
>>>   879      sprintf (tmp, "ADAPTER:%d SN:%u", (int)logical, serial);
>>>   880    }
>>
>> this is tmp with a bigger size. It seems you are mixing the sizes of
>> drvName and tmp.
>>
>
> What I mean is that later on we use strcpy() to copy "tmp" into
> "clients[id].Dbg.drvName"
>
>   927    strcpy (clients[id].drvName,     tmp);
>   928    strcpy (clients[id].Dbg.drvName, tmp);
>                               ^
>                    this buffer is only 16 chars

Now I understand. You are right. So the fix would be to change these 
strcpy() to e.g. strncpy() or similar.

Armin


^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-06  8:44           ` Armin Schindler
@ 2010-10-06 12:11             ` Dan Carpenter
  -1 siblings, 0 replies; 20+ messages in thread
From: Dan Carpenter @ 2010-10-06 12:11 UTC (permalink / raw)
  To: Armin Schindler; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, Oct 06, 2010 at 10:44:47AM +0200, Armin Schindler wrote:
>>   927    strcpy (clients[id].drvName,     tmp);
>>   928    strcpy (clients[id].Dbg.drvName, tmp);
>>                               ^
>>                    this buffer is only 16 chars
>
> Now I understand. You are right. So the fix would be to change these  
> strcpy() to e.g. strncpy() or similar.
>

We need more than 16 characters to store the information.  What is the
problem with just making the buffer larger?

regards,
dan carpenter

> Armin

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-06 12:11             ` Dan Carpenter
  0 siblings, 0 replies; 20+ messages in thread
From: Dan Carpenter @ 2010-10-06 12:11 UTC (permalink / raw)
  To: Armin Schindler; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, Oct 06, 2010 at 10:44:47AM +0200, Armin Schindler wrote:
>>   927    strcpy (clients[id].drvName,     tmp);
>>   928    strcpy (clients[id].Dbg.drvName, tmp);
>>                               ^
>>                    this buffer is only 16 chars
>
> Now I understand. You are right. So the fix would be to change these  
> strcpy() to e.g. strncpy() or similar.
>

We need more than 16 characters to store the information.  What is the
problem with just making the buffer larger?

regards,
dan carpenter

> Armin

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-06 12:11             ` Dan Carpenter
@ 2010-10-06 12:49               ` Armin Schindler
  -1 siblings, 0 replies; 20+ messages in thread
From: Armin Schindler @ 2010-10-06 12:49 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, 6 Oct 2010, Dan Carpenter wrote:
> On Wed, Oct 06, 2010 at 10:44:47AM +0200, Armin Schindler wrote:
>>>   927    strcpy (clients[id].drvName,     tmp);
>>>   928    strcpy (clients[id].Dbg.drvName, tmp);
>>>                               ^
>>>                    this buffer is only 16 chars
>>
>> Now I understand. You are right. So the fix would be to change these
>> strcpy() to e.g. strncpy() or similar.
>>
>
> We need more than 16 characters to store the information.  What is the
> problem with just making the buffer larger?

The larger buffer is not really needed. Later versions of the driver will 
use the strcpy/memcpy with checked size anyway.
I just want to avoid a change in the debug structure which is used in more than one module/tool.

But it shouldn't be a real problem.

Armin



^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-06 12:49               ` Armin Schindler
  0 siblings, 0 replies; 20+ messages in thread
From: Armin Schindler @ 2010-10-06 12:49 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Karsten Keil, netdev, linux-kernel, kernel-janitors

On Wed, 6 Oct 2010, Dan Carpenter wrote:
> On Wed, Oct 06, 2010 at 10:44:47AM +0200, Armin Schindler wrote:
>>>   927    strcpy (clients[id].drvName,     tmp);
>>>   928    strcpy (clients[id].Dbg.drvName, tmp);
>>>                               ^
>>>                    this buffer is only 16 chars
>>
>> Now I understand. You are right. So the fix would be to change these
>> strcpy() to e.g. strncpy() or similar.
>>
>
> We need more than 16 characters to store the information.  What is the
> problem with just making the buffer larger?

The larger buffer is not really needed. Later versions of the driver will 
use the strcpy/memcpy with checked size anyway.
I just want to avoid a change in the debug structure which is used in more than one module/tool.

But it shouldn't be a real problem.

Armin



^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
  2010-10-04 19:24 ` Dan Carpenter
@ 2010-10-07  6:30   ` David Miller
  -1 siblings, 0 replies; 20+ messages in thread
From: David Miller @ 2010-10-07  6:30 UTC (permalink / raw)
  To: error27; +Cc: mac, isdn, netdev, linux-kernel, kernel-janitors

From: Dan Carpenter <error27@gmail.com>
Date: Mon, 4 Oct 2010 21:24:59 +0200

> In diva_mnt_add_xdi_adapter() we do this:
>   strcpy (clients[id].drvName,     tmp);
>   strcpy (clients[id].Dbg.drvName, tmp);
> 
> The "clients[id].drvName" is a 128 character buffer and
> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
> changed it to 128 as well.  We don't actually use 128 characters but we
> do use more than 16.
> 
> I've also changed the size of "tmp" to 128 characters instead of 256.
> 
> Signed-off-by: Dan Carpenter <error27@gmail.com>

Applied.

^ permalink raw reply	[flat|nested] 20+ messages in thread

* Re: [patch] eicon: make buffer larger
@ 2010-10-07  6:30   ` David Miller
  0 siblings, 0 replies; 20+ messages in thread
From: David Miller @ 2010-10-07  6:30 UTC (permalink / raw)
  To: error27; +Cc: mac, isdn, netdev, linux-kernel, kernel-janitors

From: Dan Carpenter <error27@gmail.com>
Date: Mon, 4 Oct 2010 21:24:59 +0200

> In diva_mnt_add_xdi_adapter() we do this:
>   strcpy (clients[id].drvName,     tmp);
>   strcpy (clients[id].Dbg.drvName, tmp);
> 
> The "clients[id].drvName" is a 128 character buffer and
> "clients[id].Dbg.drvName" was originally a 16 character buffer but I've
> changed it to 128 as well.  We don't actually use 128 characters but we
> do use more than 16.
> 
> I've also changed the size of "tmp" to 128 characters instead of 256.
> 
> Signed-off-by: Dan Carpenter <error27@gmail.com>

Applied.

^ permalink raw reply	[flat|nested] 20+ messages in thread

end of thread, other threads:[~2010-10-07  6:30 UTC | newest]

Thread overview: 20+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-04 19:24 [patch] eicon: make buffer larger Dan Carpenter
2010-10-04 19:24 ` Dan Carpenter
2010-10-06  7:25 ` Armin Schindler
2010-10-06  7:25   ` Armin Schindler
2010-10-06  7:47   ` Dan Carpenter
2010-10-06  7:47     ` Dan Carpenter
2010-10-06  8:16     ` walter harms
2010-10-06  8:16       ` walter harms
2010-10-06  8:21     ` Armin Schindler
2010-10-06  8:21       ` Armin Schindler
2010-10-06  8:31       ` Dan Carpenter
2010-10-06  8:31         ` Dan Carpenter
2010-10-06  8:44         ` Armin Schindler
2010-10-06  8:44           ` Armin Schindler
2010-10-06 12:11           ` Dan Carpenter
2010-10-06 12:11             ` Dan Carpenter
2010-10-06 12:49             ` Armin Schindler
2010-10-06 12:49               ` Armin Schindler
2010-10-07  6:30 ` David Miller
2010-10-07  6:30   ` David Miller

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.