* [PATCH] core: dev: don't call BUG() on bad input
@ 2011-02-14 10:56 Vasiliy Kulikov
2011-02-14 12:16 ` Nicolas de Pesloüan
2011-02-15 23:02 ` Stephen Hemminger
0 siblings, 2 replies; 5+ messages in thread
From: Vasiliy Kulikov @ 2011-02-14 10:56 UTC (permalink / raw)
To: linux-kernel
Cc: David S. Miller, Eric Dumazet, Tom Herbert, Changli Gao,
Jesse Gross, netdev
alloc_netdev() may be called with too long name (more that IFNAMSIZ bytes).
Currently this leads to BUG(). Other insane inputs (bad txqs, rxqs) and
even OOM don't lead to BUG(). Made alloc_netdev() return NULL, like on
other errors.
Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
---
Compile tested.
net/core/dev.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 6392ea0..12ef4b0 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -5761,7 +5761,10 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
size_t alloc_size;
struct net_device *p;
- BUG_ON(strlen(name) >= sizeof(dev->name));
+ if (strnlen(name, sizeof(dev->name)) >= sizeof(dev->name)) {
+ pr_err("alloc_netdev: Too long device name \n");
+ return NULL;
+ }
if (txqs < 1) {
pr_err("alloc_netdev: Unable to allocate device "
--
1.7.0.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] core: dev: don't call BUG() on bad input
2011-02-14 10:56 [PATCH] core: dev: don't call BUG() on bad input Vasiliy Kulikov
@ 2011-02-14 12:16 ` Nicolas de Pesloüan
2011-02-14 12:23 ` Vasiliy Kulikov
2011-02-15 23:02 ` Stephen Hemminger
1 sibling, 1 reply; 5+ messages in thread
From: Nicolas de Pesloüan @ 2011-02-14 12:16 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: linux-kernel, David S. Miller, Eric Dumazet, Tom Herbert,
Changli Gao, Jesse Gross, netdev
Le 14/02/2011 11:56, Vasiliy Kulikov a écrit :
> alloc_netdev() may be called with too long name (more that IFNAMSIZ bytes).
> Currently this leads to BUG(). Other insane inputs (bad txqs, rxqs) and
> even OOM don't lead to BUG(). Made alloc_netdev() return NULL, like on
> other errors.
>
> Signed-off-by: Vasiliy Kulikov<segoon@openwall.com>
> ---
> Compile tested.
>
> net/core/dev.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 6392ea0..12ef4b0 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -5761,7 +5761,10 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
> size_t alloc_size;
> struct net_device *p;
>
> - BUG_ON(strlen(name)>= sizeof(dev->name));
> + if (strnlen(name, sizeof(dev->name))>= sizeof(dev->name)) {
"size_t strnlen(const char *s, size_t maxlen) : The strnlen() function returns strlen(s), if that is
less than maxlen, or maxlen if there is no '\0' character among the first maxlen characters pointed
to by s."
How can strnlen(name, sizeof(dev->name)) be greater than sizeof(dev->name)?
Shouldn't it be "if (strnlen(name, sizeof(dev->name)) == sizeof(dev->name))" instead?
Nicolas.
> + pr_err("alloc_netdev: Too long device name \n");
> + return NULL;
> + }
>
> if (txqs< 1) {
> pr_err("alloc_netdev: Unable to allocate device "
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] core: dev: don't call BUG() on bad input
2011-02-14 12:16 ` Nicolas de Pesloüan
@ 2011-02-14 12:23 ` Vasiliy Kulikov
2011-02-14 13:01 ` Nicolas de Pesloüan
0 siblings, 1 reply; 5+ messages in thread
From: Vasiliy Kulikov @ 2011-02-14 12:23 UTC (permalink / raw)
To: Nicolas de Pesloüan
Cc: linux-kernel, David S. Miller, Eric Dumazet, Tom Herbert,
Changli Gao, Jesse Gross, netdev
Hi Nicolas,
On Mon, Feb 14, 2011 at 13:16 +0100, Nicolas de Pesloüan wrote:
> >- BUG_ON(strlen(name)>= sizeof(dev->name));
> >+ if (strnlen(name, sizeof(dev->name))>= sizeof(dev->name)) {
Ehh... Space after ")" is needed :)
> "size_t strnlen(const char *s, size_t maxlen) : The strnlen()
> function returns strlen(s), if that is less than maxlen, or maxlen
> if there is no '\0' character among the first maxlen characters
> pointed to by s."
>
> How can strnlen(name, sizeof(dev->name)) be greater than sizeof(dev->name)?
>
> Shouldn't it be "if (strnlen(name, sizeof(dev->name)) == sizeof(dev->name))" instead?
Not a big deal, but MO it's better to guard from everything that
is not a good input by negating the check. strnlen() < sizeof() is OK,
strnlen() >= sizeof() is bad. Is "==" more preferable for net/ coding style?
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] core: dev: don't call BUG() on bad input
2011-02-14 12:23 ` Vasiliy Kulikov
@ 2011-02-14 13:01 ` Nicolas de Pesloüan
0 siblings, 0 replies; 5+ messages in thread
From: Nicolas de Pesloüan @ 2011-02-14 13:01 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: linux-kernel, David S. Miller, Eric Dumazet, Tom Herbert,
Changli Gao, Jesse Gross, netdev
Le 14/02/2011 13:23, Vasiliy Kulikov a écrit :
> Hi Nicolas,
Hi Vasiliy,
> On Mon, Feb 14, 2011 at 13:16 +0100, Nicolas de Pesloüan wrote:
>>> - BUG_ON(strlen(name)>= sizeof(dev->name));
>>> + if (strnlen(name, sizeof(dev->name))>= sizeof(dev->name)) {
>
> Ehh... Space after ")" is needed :)
:-D
>> "size_t strnlen(const char *s, size_t maxlen) : The strnlen()
>> function returns strlen(s), if that is less than maxlen, or maxlen
>> if there is no '\0' character among the first maxlen characters
>> pointed to by s."
>>
>> How can strnlen(name, sizeof(dev->name)) be greater than sizeof(dev->name)?
>>
>> Shouldn't it be "if (strnlen(name, sizeof(dev->name)) == sizeof(dev->name))" instead?
>
> Not a big deal, but MO it's better to guard from everything that
> is not a good input by negating the check. strnlen()< sizeof() is OK,
> strnlen()>= sizeof() is bad. Is "==" more preferable for net/ coding style?
Agreed, both cannot cause any troubles. == is supposed to be better from the API point of view, but
>= is probably more readable.
Nicolas.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] core: dev: don't call BUG() on bad input
2011-02-14 10:56 [PATCH] core: dev: don't call BUG() on bad input Vasiliy Kulikov
2011-02-14 12:16 ` Nicolas de Pesloüan
@ 2011-02-15 23:02 ` Stephen Hemminger
1 sibling, 0 replies; 5+ messages in thread
From: Stephen Hemminger @ 2011-02-15 23:02 UTC (permalink / raw)
To: Vasiliy Kulikov
Cc: linux-kernel, David S. Miller, Eric Dumazet, Tom Herbert,
Changli Gao, Jesse Gross, netdev
On Mon, 14 Feb 2011 13:56:06 +0300
Vasiliy Kulikov <segoon@openwall.com> wrote:
> alloc_netdev() may be called with too long name (more that IFNAMSIZ bytes).
> Currently this leads to BUG(). Other insane inputs (bad txqs, rxqs) and
> even OOM don't lead to BUG(). Made alloc_netdev() return NULL, like on
> other errors.
The only way alloc_netdev could be called with a name too long
was if some driver was incorrectly written. It is not something
that can be exercised by user space.
Please leave the BUG() so the driver will show up in
kernel oops logs etc.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-02-15 23:02 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-14 10:56 [PATCH] core: dev: don't call BUG() on bad input Vasiliy Kulikov
2011-02-14 12:16 ` Nicolas de Pesloüan
2011-02-14 12:23 ` Vasiliy Kulikov
2011-02-14 13:01 ` Nicolas de Pesloüan
2011-02-15 23:02 ` Stephen Hemminger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).