* strlen_user and keys
@ 2006-04-08 21:06 Andries.Brouwer
2006-04-10 10:18 ` David Howells
0 siblings, 1 reply; 2+ messages in thread
From: Andries.Brouwer @ 2006-04-08 21:06 UTC (permalink / raw)
To: linux-kernel
[faraway from home, not near recent kernel source]
strnlen_user() is documented as returning the string length including
terminating NUL. Probably that was a bad idea - people expect that
if user space and kernel library functions have similar names, they do
similar things. The shouting "INCLUDING" in the description already
shows that also the author expected that bugs would be created by
using this name.
[see, e.g., arch/i386/lib/usercopy.c]
security/keys/keyctl.c does
dlen = strnlen_user(_description, PAGE_SIZE - 1);
description = kmalloc(dlen + 1, GFP_KERNEL);
copy_from_user(description, _description, dlen + 1);
copying one byte too many.
(Thus in some unknown kernel source tree, maybe 2.6.14.
This may have been fixed already.)
Andries
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-04-10 10:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-04-08 21:06 strlen_user and keys Andries.Brouwer
2006-04-10 10:18 ` David Howells
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.