Re: CVE-2009-2584

From: Linus Torvalds
Date: Thu Nov 05 2009 - 12:48:37 EST




On Thu, 5 Nov 2009, Linus Torvalds wrote:
> {
> - unsigned long val;
> - char buf[80];
> + char buf[16];
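Review bot: the replacement buffer at `+ char buf[16];` is too small for the widest value a 64-bit `unsigned long` can take in hex: "0x" plus 16 hex digits plus the terminating NUL needs 19 bytes, so any legitimate full-width input would have to be rejected or truncated. Suggest deriving the size from the type rather than a literal, e.g. `char buf[2 + 2 * sizeof(unsigned long) + 1];`, and keeping the length check against `sizeof(buf)` before the copy so the buffer can never be overrun regardless of the chosen size. The hunk also drops `unsigned long val;` without showing where the parsed value now lands; the rest of the function should be visible in the same patch so the reviewer can confirm the conversion still happens on the bounded copy.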

On third thought, this was too aggressive.

Using "0x%16ul" as a format on 64-bit machines is reasonable, so 19 bytes
of buffer is not insane (with the terminating NUL). Of course, it never
used to accept hex numbers, so it's not like it would have worked before,
but the point is that I cut down the buffer unnecessarily strictly.

Can anybody see anything else wrong in that suggested fix?

Linus
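The sizing argument in the message above, as an added userspace example that is not Linus's patch or kernel code: the hypothetical helper parse_ulong_bounded() sizes its stack buffer for the widest hex form of an unsigned long ("0x", two hex digits per byte, NUL), rejects overlong input before copying, and only then converts, so neither the 80-byte nor the 16-byte choice from the thread is needed.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Widest textual form of an unsigned long in hex: "0x" + 2 hex digits
 * per byte + terminating NUL. 19 bytes on a 64-bit machine, 11 on 32-bit. */
#define HEX_ULONG_BUF (2 + 2 * sizeof(unsigned long) + 1)

/* Hypothetical helper (not from the kernel): copy at most sizeof(buf)-1
 * bytes of caller input into a fixed buffer, then parse it as an unsigned
 * long in decimal, octal or 0x-prefixed hex. Returns 0 on success and
 * -EINVAL for overlong, empty, malformed or out-of-range input. */
int parse_ulong_bounded(const char *src, size_t len, unsigned long *out)
{
    char buf[HEX_ULONG_BUF];
    char *end;
    unsigned long val;

    /* Bounds check first: the memcpy below can then never overrun buf. */
    if (len >= sizeof(buf))
        return -EINVAL;
    memcpy(buf, src, len);
    buf[len] = '\0';

    errno = 0;
    val = strtoul(buf, &end, 0); /* base 0: "0x.." hex, "0.." octal, else decimal */
    if (end == buf || *end != '\0' || errno == ERANGE)
        return -EINVAL;

    *out = val;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "0xff", "255", "0xffffffffffffffff",
                              "0x1ffffffffffffffff", "0x1g", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long v = 0;
        int rc = parse_ulong_bounded(samples[i], strlen(samples[i]), &v);
        printf("%-22s -> rc=%d val=0x%lx\n", samples[i], rc, v);
    }
    return 0;
}
```

Because the rejection happens on the length of the caller's data rather than on the result of a copy, the buffer size only decides which values are representable, never whether the stack can be overwritten.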