From: Robert Hancock <hancockr@shaw.ca>
To: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: Bogus buffer length check in linux-2.6.11  read()
Date: Tue, 15 Mar 2005 17:59:30 -0600
Message-ID: <423776E2.5000801@shaw.ca>
In-Reply-To: <3IoOm-5M2-49@gated-at.bofh.it>

linux-os wrote:
> 
> The attached file shows that the kernel thinks it's doing
> something helpful by checking the length of the input
> buffer for a read(). It will return "Bad Address" until
> the length is 1632 bytes.  Apparently the kernel thinks
> 1632 is a good length!

Likely because only 1632 bytes of memory is accessible after the start 
of the buf buffer, and trying to read in more than that results in 
copy_to_user failing to write some data.

> 
> Did anybody consider the overhead necessary to do this
> and the fact that the kernel has no way of knowing if
> the pointer to the buffer is valid until it actually
> does the write. What was wrong with copy_to_user()?
> Why is there the additional bogus check?

What additional check?

-- 
Robert Hancock      Saskatoon, SK, Canada
To email, remove "nospam" from hancockr@nospamshaw.ca
Home Page: http://www.roberthancock.com/
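
Added example (not part of the original message or the thread's attachment): a user-space reproduction of the explanation in the reply above, with a buffer that has exactly 1632 writable bytes before an inaccessible page. The helper name `try_read`, the pipe as data source, and the 4096-byte sample size are assumptions made for the demonstration.

```c
/* Added example; not code from the thread. Buffer layout is constructed. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define ACCESSIBLE 1632   /* writable bytes after buf, figure from the thread */
#define PIPE_DATA  4096   /* bytes queued in the pipe (assumed sample size) */

/* read() `len` bytes from a pipe into a buffer that has only ACCESSIBLE
 * writable bytes before a PROT_NONE page. Returns bytes read or -errno. */
long try_read(size_t len)
{
    static const char src[PIPE_DATA];
    long pg = sysconf(_SC_PAGESIZE), ret;
    int p[2];

    /* Two pages; the second becomes inaccessible, like unmapped memory. */
    char *m = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -errno;
    if (mprotect(m + pg, pg, PROT_NONE) != 0 || pipe(p) != 0) {
        ret = -errno;
        munmap(m, 2 * pg);
        return ret;
    }
    char *buf = m + pg - ACCESSIBLE;   /* valid for exactly ACCESSIBLE bytes */

    if (write(p[1], src, sizeof src) != (ssize_t)sizeof src) {
        ret = -EIO;
    } else {
        /* The kernel copies into buf and only learns of the bad range when
         * the copy to user space faults part-way through. */
        ssize_t n = read(p[0], buf, len);
        ret = n < 0 ? -errno : n;
    }
    close(p[0]);
    close(p[1]);
    munmap(m, 2 * pg);
    return ret;
}

int main(void)
{
    printf("len=%d -> %ld\n", ACCESSIBLE, try_read(ACCESSIBLE));
    printf("len=%d -> %ld (negative is -errno; EFAULT=%d)\n",
           PIPE_DATA, try_read(PIPE_DATA), EFAULT);
    return 0;
}
```

A read of 1632 bytes succeeds in full; a longer read either fails with EFAULT or returns a short count, because the fault is detected during the copy itself rather than by a separate length check.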

