Bug_reply : Out of range ptr error in module indicates bug in slab.c
From: selvakumar nagendran
Date:  Thu Dec 30 2004 - 07:14:19 EST
Hello,
     Thanks for your help. The user will be changing
this using system calls like dup, dup2 etc. If I keep
track of all these modifications by intercepting all
those syscalls and use inode number for identifying
the structure uniquely, will it break?
Thanks,
selva
> nagendran wrote:
> > 		else	{
> > 			new -> pipe_read_end = fdes[0];
> > 			new -> pipe_write_end = fdes[1];
> 
> this is a bug; fdes is a USERSPACE pointer, you cannot directly access
> that from kernel space, you need to use copy_from_user() for that.
> 
> And note, what you are doing is unreliable, since the user is capable of
> changing that information before you log it in your structure, so if you
> want to use the data you log for anything security related or for
> something that has to be accurate, it's broken...
> 
> > 	while(temp != NULL)
> > 	{
> > 		kfree(temp);
> > 		temp = temp -> next;
> > 	}
> 
> that is of course wrong; you free temp and THEN you access it!!
> 
> 
> -
> To unsubscribe from this list: send the line
> "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at 
> http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 
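The two fixes named in the quoted reply, as an added example that is not part of the original mail or the poster's module: the fdes array is copied once into a local buffer before use, and the list walk reads the next link before freeing the node. It is a userspace model so it can be compiled and run; model_copy_from_user(), track_pipe(), free_all() and struct pipe_track are hypothetical names, with memcpy/malloc/free standing in for copy_from_user()/kmalloc()/kfree().

```c
/* Added userspace model; all names are hypothetical, not the poster's code. */
#include <stdlib.h>
#include <string.h>

struct pipe_track {
    int pipe_read_end, pipe_write_end;
    struct pipe_track *next;
};

/* Stand-in for copy_from_user(): returns the number of bytes NOT copied. */
static unsigned long model_copy_from_user(void *to, const void *from, unsigned long n)
{
    if (from == NULL)
        return n;            /* models a faulting user address */
    memcpy(to, from, n);
    return 0;
}

/* Record a pipe's descriptors from one snapshot of the caller's buffer. */
int track_pipe(struct pipe_track **head, const int *ufdes)
{
    int kfdes[2];            /* private copy; ufdes is never read again */
    struct pipe_track *new;
    if (model_copy_from_user(kfdes, ufdes, sizeof(kfdes)) != 0)
        return -1;           /* kernel code would return -EFAULT */
    new = malloc(sizeof(*new));
    if (new == NULL)
        return -1;           /* kernel code would return -ENOMEM */
    new->pipe_read_end = kfdes[0];
    new->pipe_write_end = kfdes[1];
    new->next = *head;
    *head = new;
    return 0;
}

/* Free the whole list; returns the number of nodes freed. */
int free_all(struct pipe_track **head)
{
    struct pipe_track *temp = *head, *next;
    int freed = 0;
    while (temp != NULL) {
        next = temp->next;   /* read the link before the node is freed */
        free(temp);
        temp = next;
        freed++;
    }
    *head = NULL;
    return freed;
}
```

The snapshot only fixes how the values are read; it does not address the reply's point that the user can change the information before it is logged.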
		