From: "Nicolas de Pesloüan" <nicolas.2p.debian@gmail.com>
To: Vasiliy Kulikov <segoon@openwall.com>
Cc: linux-kernel@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <eric.dumazet@gmail.com>,
Tom Herbert <therbert@google.com>,
Changli Gao <xiaosuo@gmail.com>, Jesse Gross <jesse@nicira.com>,
netdev@vger.kernel.org
Subject: Re: [PATCH] core: dev: don't call BUG() on bad input
Date: Mon, 14 Feb 2011 13:16:04 +0100 [thread overview]
Message-ID: <4D591D04.4050000@gmail.com> (raw)
In-Reply-To: <1297680967-11893-1-git-send-email-segoon@openwall.com>
Le 14/02/2011 11:56, Vasiliy Kulikov a écrit :
> alloc_netdev() may be called with too long name (more that IFNAMSIZ bytes).
> Currently this leads to BUG(). Other insane inputs (bad txqs, rxqs) and
> even OOM don't lead to BUG(). Made alloc_netdev() return NULL, like on
> other errors.
>
> Signed-off-by: Vasiliy Kulikov<segoon@openwall.com>
> ---
> Compile tested.
>
> net/core/dev.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 6392ea0..12ef4b0 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -5761,7 +5761,10 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
> size_t alloc_size;
> struct net_device *p;
>
> - BUG_ON(strlen(name)>= sizeof(dev->name));
> + if (strnlen(name, sizeof(dev->name))>= sizeof(dev->name)) {
"size_t strnlen(const char *s, size_t maxlen) : The strnlen() function returns strlen(s), if that is
less than maxlen, or maxlen if there is no '\0' character among the first maxlen characters pointed
to by s."
How can strnlen(name, sizeof(dev->name)) be greater than sizeof(dev->name)?
Shouldn't it be "if (strnlen(name, sizeof(dev->name)) == sizeof(dev->name))" instead?
Nicolas.
> + pr_err("alloc_netdev: Too long device name \n");
> + return NULL;
> + }
>
> if (txqs< 1) {
> pr_err("alloc_netdev: Unable to allocate device "
next prev parent reply other threads:[~2011-02-14 12:16 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-14 10:56 [PATCH] core: dev: don't call BUG() on bad input Vasiliy Kulikov
2011-02-14 12:16 ` Nicolas de Pesloüan [this message]
2011-02-14 12:23 ` Vasiliy Kulikov
2011-02-14 13:01 ` Nicolas de Pesloüan
2011-02-15 23:02 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D591D04.4050000@gmail.com \
--to=nicolas.2p.debian@gmail.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jesse@nicira.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=segoon@openwall.com \
--cc=therbert@google.com \
--cc=xiaosuo@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox