Re: [PATCH] add sysfs attribute 'carrier' for net devices - try 2.

From: Stephen Hemminger
Date: Tue Sep 28 2004 - 17:29:56 EST


On Tue, 2004-09-28 at 22:54 +0200, Nico Schottelius wrote:
> Hello!
>
> I am just a bit tired and a bit confused, but
>
> Jesper Juhl [Tue, Sep 28, 2004 at 09:23:25PM +0200]:
> > > > Using snprintf in this way is kind of silly. since buffer is PAGESIZE.
> > > > The most concise format of this would be:
> > > > return sprintf(buf, dec_fmt, !!netif_carrier_ok(dev));
>
> wouldn't this potentially open a security hole / buffer overflow?

buf comes from fs/sysfs/file.c:fill_read_buf and is PAGESIZE.
Since netif_carrier_ok() returns 0 or 1, don't see how that could ever
turn into a security hole.


> I am currently not really seeing where buf is passed from and what
> dec_fmt is, but am I totally wrong?

dec_fmt is in net-sysfs.c and is defined as "%d\n" to avoid
repetition of same string literal.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/