From mboxrd@z Thu Jan 1 00:00:00 1970
From: walter harms
Date: Mon, 26 Feb 2007 08:15:18 +0000
Subject: Re: [KJ] [PATCH] Fix bufferoverflow and races in capi debug
Message-Id: <45E29716.1090104@bfs.de>
List-Id:
References: <20070225184951.GA8615@pingi.kke.suse.de>
In-Reply-To: <20070225184951.GA8615@pingi.kke.suse.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: kernel-janitors@vger.kernel.org

This reminds me of the glibc asprint() function. IMHO it would be useful to have this as a kernel function, because printing into a buffer, e.g. for proc and friends, is common.

comments ?

re,
wh

Karsten Keil wrote:
> The CAPI trace debug functions were using a fixed size buffer, which can be
> overflowed if wrongly formatted CAPI messages were sent to the kernel capi
> layer. The code was also not protected against multiple callers.
> This fixes bug 8028.
> Additionally, the patch makes the CAPI trace functions optional.
>
> Signed-off-by: Karsten Keil
>
>
> #include > > /*-------------------------------------------------------*/ > -static void bufprint(char *fmt,...) > +static _cdebbuf *bufprint(_cdebbuf *cdb, char *fmt,...) 
> { > va_list f; > + size_t n,r; > + > + if (!cdb) > + return NULL; > va_start(f, fmt); > - vsprintf(p, fmt, f); > + r = cdb->size - cdb->pos; > + n = vsnprintf(cdb->p, r, fmt, f); > va_end(f); > - p += strlen(p); > + if (n >= r) { > + /* truncated, need bigger buffer */ > + size_t ns = 2 * cdb->size; > + u_char *nb; > + > + while ((ns - cdb->pos) <= n) > + ns *= 2; > + nb = kmalloc(ns, GFP_ATOMIC); > + if (!nb) { > + cdebbuf_free(cdb); > + return NULL; > + } > + memcpy(nb, cdb->buf, cdb->pos); > + kfree(cdb->buf); > + nb[cdb->pos] = 0; > + cdb->buf = nb; > + cdb->p = cdb->buf + cdb->pos; > + cdb->size = ns; > + va_start(f, fmt); > + r = cdb->size - cdb->pos; > + n = vsnprintf(cdb->p, r, fmt, f); > + va_end(f); > + } > + cdb->p += n; > + cdb->pos += n; > + return cdb; > } > _______________________________________________ Kernel-janitors mailing list Kernel-janitors@lists.osdl.org https://lists.osdl.org/mailman/listinfo/kernel-janitors
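Review bot: The growth path in bufprint() has no upper bound: `while ((ns - cdb->pos) <= n) ns *= 2;` sizes a GFP_ATOMIC kmalloc() purely from the formatted length, and the commit message says that length can be driven by wrongly formatted CAPI messages. Consider capping ns at a fixed maximum and truncating the trace (or failing as in the !nb path) once it is reached, which also guards the doubling against wrap-around. Two smaller points: n is a size_t but receives vsnprintf()'s int return value, and because the allocation-failure path calls cdebbuf_free(cdb) before returning NULL, a comment stating that callers must continue only with the returned pointer would help.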