Re: [PATCH] uinput strnlen bugfix

From: David Herrmann
Date: Mon Feb 07 2011 - 07:52:17 EST


> Hmm, not particularly fond with the construct, how about below instead?
>
> Btw, having "Signed-off-by: " from David would be nice.
>
> Thanks.
>
> --
> Dmitry
>
> Input: uinput - fix setting up device name
>
> From: David Herrmann <dh.herrmann@xxxxxxxxxxxxxx>
>
> The check for non-empty device name was botched since we tried to account
> for extra space for the terminating zero at the same time. Convert to
> kstrndup() to avoid this problem.
>
> Acked-by: Aristeu Rozanski <aris@xxxxxxxxx>
> Signed-off-by: Dmitry Torokhov <dtor@xxxxxxx>
> ---
>
>  drivers/input/misc/uinput.c |   13 ++++++-------
>  1 files changed, 6 insertions(+), 7 deletions(-)
>
>
> diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
> index 82542a1..c0888e3 100644
> --- a/drivers/input/misc/uinput.c
> +++ b/drivers/input/misc/uinput.c
> @@ -347,8 +347,7 @@ static int uinput_setup_device(struct uinput_device *udev, const char __user *bu
>  {
>        struct uinput_user_dev  *user_dev;
>        struct input_dev        *dev;
> -       char                    *name;
> -       int                     i, size;
> +       int                     i;
>        int                     retval;
>
>        if (count != sizeof(struct uinput_user_dev))
> @@ -373,19 +372,19 @@ static int uinput_setup_device(struct uinput_device *udev, const char __user *bu
>
>        udev->ff_effects_max = user_dev->ff_effects_max;
>
> -       size = strnlen(user_dev->name, UINPUT_MAX_NAME_SIZE) + 1;
> -       if (!size) {
> +       /* Ensure name is filled in */
> +       if (!user_dev->name[0]) {
>                retval = -EINVAL;
>                goto exit;
>        }
>
>        kfree(dev->name);
> -       dev->name = name = kmalloc(size, GFP_KERNEL);
> -       if (!name) {
> +       dev->name = kstrndup(user_dev->name, UINPUT_MAX_NAME_SIZE,
> +                            GFP_KERNEL);
> +       if (!dev->name) {
>                retval = -ENOMEM;
>                goto exit;
>        }
> -       strlcpy(name, user_dev->name, size);
>
>        dev->id.bustype = user_dev->id.bustype;
>        dev->id.vendor  = user_dev->id.vendor;
>

This is definitely a better solution, yes. Thank you.
Signed-off-by: David Herrmann <dh.herrmann@xxxxxxxxx>

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/