Re: Fw: Re: oops in choose_configuration()

From: Linus Torvalds
Date: Tue Mar 07 2006 - 19:55:25 EST

Next message: Dmitry Torokhov: "Re: [PATCH] EDAC: core EDAC support code"
Previous message: Lee Revell: "Re: [opensuse-factory] Re[2]: 2.6.16 serious consequences /GPL_EXPORT_SYMBOL / USB drivers of major vendor excluded"
In reply to: Greg KH: "Re: Fw: Re: oops in choose_configuration()"
Next in thread: Dmitry Torokhov: "Re: Fw: Re: oops in choose_configuration()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 7 Mar 2006, Chuck Ebbert wrote:
>
> At least one susbsystem rolls its own method of adding env vars to the
> uevent buffer, and it's so broken it triggers the WARN_ON() in
> lib/vsprintf.c::vsnprintf() by passing a negative length to that function.

Well, snprintf() should be safe, though. It will warn if the caller is
lazy, but these days, the thing does

max(buf_size - len, 0)

which should mean that the input layer passes in 0 instead of a negative
number. And snprintf() will then _not_ print anything.

So I think input_add_uevent_bm_var() is safe, even if it's not pretty.

However, input_devices_read() doesn't do any sanity checking at all, and
if that ever ends up printing more than a page, that would be bad. I
didn't look very closely, but it looks worrisome.

Dmitry?

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Torokhov: "Re: [PATCH] EDAC: core EDAC support code"
Previous message: Lee Revell: "Re: [opensuse-factory] Re[2]: 2.6.16 serious consequences /GPL_EXPORT_SYMBOL / USB drivers of major vendor excluded"
In reply to: Greg KH: "Re: Fw: Re: oops in choose_configuration()"
Next in thread: Dmitry Torokhov: "Re: Fw: Re: oops in choose_configuration()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]