Re: [PATCH] add sysfs attribute 'carrier' for net devices - try 2.
From: Nico Schottelius
Date: Wed Sep 29 2004 - 01:58:54 EST
Thanks for enlightening [1] me!
Nico
P.S.: [1] enlightenment.org is still alive, just wanted to note that..
Stephen Hemminger [Tue, Sep 28, 2004 at 03:24:43PM -0700]:
> On Tue, 2004-09-28 at 22:54 +0200, Nico Schottelius wrote:
> > Hello!
> >
> > I am just a bit tired and a bit confused, but
> >
> > Jesper Juhl [Tue, Sep 28, 2004 at 09:23:25PM +0200]:
> > > > > Using snprintf in this way is kind of silly. since buffer is PAGESIZE.
> > > > > The most concise format of this would be:
> > > > > return sprintf(buf, dec_fmt, !!netif_carrier_ok(dev));
> >
> > wouldn't this potentially open a security hole / buffer overflow?
>
> buf comes from fs/sysfs/file.c:fill_read_buf and is PAGESIZE.
> Since netif_carrier_ok() returns 0 or 1, don't see how that could ever
> turn into a security hole.
>
>
> > I am currently not really seeing where buf is passed from and what
> > dec_fmt is, but am I totally wrong?
>
> dec_fmt is in net-sysfs.c and is defined as "%d\n" to avoid
> repetition of same string literal.
>
>
--
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nico.schotteli.us | http://linux.schottelius.org
Attachment:
pgp00000.pgp
Description: PGP signature