Re: [PATCH] s390 keyboard: Avoid off-by-one when using strnlen_user()

linux-s390.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Heiko Carstens <heiko.carstens@de.ibm.com>
To: linux-s390@vger.kernel.org
Subject: Re: [PATCH] s390 keyboard: Avoid off-by-one when using strnlen_user()
Date: Wed, 03 Jun 2015 12:27:37 +0000	[thread overview]
Message-ID: <20150603122737.GA22721@osiris> (raw)
In-Reply-To: <20150603084742.GD13054@quack.suse.cz>

On Wed, Jun 03, 2015 at 10:47:42AM +0200, Jan Kara wrote:
> On Wed 03-06-15 09:50:30, Martin Schwidefsky wrote:
> > On Tue,  2 Jun 2015 17:07:33 +0200
> > Jan Kara <jack@suse.cz> wrote:
> > 
> > > strnlen_user() returns the length of the string including terminating 0.
> > > So avoid counting it again and unnecessarily reducing maximum string
> > > size by 1.
> > > 
> > > CC: Heiko Carstens <heiko.carstens@de.ibm.com>
> > > Signed-off-by: Jan Kara <jack@suse.cz>
[...]
> > 
> > The simplification with the string length is nice but removing
> > the explicit NUL termination is imho a mistake. Who guarantees
> > you that the string in user space is still the same after the
> > initial strnlen_user? It might have changed before the
> > copy_from_user call and then we end up with an unterminated
> > string in the kernel. Not good.
> Ah, that's a good point. Thanks for catching this. But it would deserve
> a comment in the code. Attached is an updated patch.

Nice ;) I applied your updated patch instead.

Thanks!

          parent reply	other threads:[~2015-06-03 12:27 UTC|newest]

Thread overview: expand[flat|nested]  mbox.gz  Atom feed
 [parent not found: <20150603084742.GD13054@quack.suse.cz>]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150603122737.GA22721@osiris \
    --to=heiko.carstens@de.ibm.com \
    --cc=linux-s390@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).