[PATCH] cdrom_sysctl_info fix

From: Dave Young
Date: Thu Jun 14 2007 - 02:23:32 EST

Next message: Ollie Wild: "Re: [patch 0/3] no MAX_ARG_PAGES -v2"
Previous message: Bongani Hlope: "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
Next in thread: dave young: "Re: [PATCH] cdrom_sysctl_info fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Fix the cdrom_sysctl_info possible buffer overwrite bug. Somd codingstyle fixes are included as well.

diff based on 2.6.22-rc4

Signed-off-by: Dave Young <hidave.darkstar@xxxxxxxxx>
---
drivers/cdrom/cdrom.c | 186 +-
1 files changed, 102 insertions(+), 84 deletions(-)

diff -upr linux/drivers/cdrom/cdrom.c linux.new/drivers/cdrom/cdrom.c
--- linux/drivers/cdrom/cdrom.c 2007-06-14 14:05:04.000000000 +0000
+++ linux.new/drivers/cdrom/cdrom.c 2007-06-14 14:11:58.000000000 +0000
@@ -3290,102 +3290,120 @@ static struct cdrom_sysctl_settings {
} cdrom_sysctl_settings;

static int cdrom_sysctl_info(ctl_table *ctl, int write, struct file * filp,
- void __user *buffer, size_t *lenp, loff_t *ppos)
+ void __user *buffer, size_t *lenp, loff_t *ppos)
{
- int pos;
+ int pos;
struct cdrom_device_info *cdi;
char *info = cdrom_sysctl_settings.info;
+ int size = sizeof(cdrom_sysctl_settings.info);

if (!*lenp || (*ppos && !write)) {
*lenp = 0;
return 0;
}

- pos = sprintf(info, "CD-ROM information, " VERSION "\n");
+ pos = scnprintf(info, size, "CD-ROM information, " VERSION "\n");

- pos += sprintf(info+pos, "\ndrive name:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%s", cdi->name);
-
- pos += sprintf(info+pos, "\ndrive speed:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", cdi->speed);
-
- pos += sprintf(info+pos, "\ndrive # of slots:");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", cdi->capacity);
-
- pos += sprintf(info+pos, "\nCan close tray:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_CLOSE_TRAY) != 0);
-
- pos += sprintf(info+pos, "\nCan open tray:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_OPEN_TRAY) != 0);
-
- pos += sprintf(info+pos, "\nCan lock tray:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_LOCK) != 0);
-
- pos += sprintf(info+pos, "\nCan change speed:");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_SELECT_SPEED) != 0);
-
- pos += sprintf(info+pos, "\nCan select disk:");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_SELECT_DISC) != 0);
-
- pos += sprintf(info+pos, "\nCan read multisession:");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_MULTI_SESSION) != 0);
-
- pos += sprintf(info+pos, "\nCan read MCN:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_MCN) != 0);
-
- pos += sprintf(info+pos, "\nReports media changed:");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_MEDIA_CHANGED) != 0);
-
- pos += sprintf(info+pos, "\nCan play audio:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_PLAY_AUDIO) != 0);
-
- pos += sprintf(info+pos, "\nCan write CD-R:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_CD_R) != 0);
-
- pos += sprintf(info+pos, "\nCan write CD-RW:");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_CD_RW) != 0);
-
- pos += sprintf(info+pos, "\nCan read DVD:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_DVD) != 0);
-
- pos += sprintf(info+pos, "\nCan write DVD-R:");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_DVD_R) != 0);
-
- pos += sprintf(info+pos, "\nCan write DVD-RAM:");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_DVD_RAM) != 0);
-
- pos += sprintf(info+pos, "\nCan read MRW:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_MRW) != 0);
-
- pos += sprintf(info+pos, "\nCan write MRW:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_MRW_W) != 0);
-
- pos += sprintf(info+pos, "\nCan write RAM:\t");
- for (cdi=topCdromPtr;cdi!=NULL;cdi=cdi->next)
- pos += sprintf(info+pos, "\t%d", CDROM_CAN(CDC_RAM) != 0);
+ pos += scnprintf(info + pos, size - pos, "\ndrive name:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%s", cdi->name);
+
+ pos += scnprintf(info + pos, size - pos ,"\ndrive speed:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d", cdi->speed);
+
+ pos += scnprintf(info + pos, size - pos, "\ndrive # of slots:");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d", cdi->capacity);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan close tray:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_CLOSE_TRAY) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan open tray:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_OPEN_TRAY) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan lock tray:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_LOCK) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan change speed:");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_SELECT_SPEED) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan select disk:");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_SELECT_DISC) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan read multisession:");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_MULTI_SESSION) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan read MCN:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_MCN) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nReports media changed:");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_MEDIA_CHANGED) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan play audio:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_PLAY_AUDIO) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan write CD-R:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_CD_R) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan write CD-RW:");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_CD_RW) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan read DVD:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_DVD) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan write DVD-R:");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_DVD_R) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan write DVD-RAM:");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_DVD_RAM) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan read MRW:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_MRW) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan write MRW:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_MRW_W) != 0);
+
+ pos += scnprintf(info + pos, size - pos, "\nCan write RAM:\t");
+ for (cdi = topCdromPtr; cdi != NULL; cdi = cdi->next)
+ pos += scnprintf(info + pos, size - pos, "\t%d",
+ CDROM_CAN(CDC_RAM) != 0);

- strcpy(info+pos,"\n\n");
+ scnprintf(info + pos, size - pos, "\n\n");

- return proc_dostring(ctl, write, filp, buffer, lenp, ppos);
+ return proc_dostring(ctl, write, filp, buffer, lenp, ppos);
}

/* Unfortunately, per device settings are not implemented through

Regards
dave
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ollie Wild: "Re: [patch 0/3] no MAX_ARG_PAGES -v2"
Previous message: Bongani Hlope: "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
Next in thread: dave young: "Re: [PATCH] cdrom_sysctl_info fix"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]