Re: mpol_to_str revisited.
From: Ben Hutchings
Date: Mon Oct 08 2012 - 20:33:13 EST
On Mon, 2012-10-08 at 11:09 -0400, Dave Jones wrote:
> Last month I sent in 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a to remove
> a user triggerable BUG in mempolicy.
>
> Ben Hutchings pointed out to me that my change introduced a potential leak
> of stack contents to userspace, because none of the callers check the return value.
>
> This patch adds the missing return checking, and also clears the buffer beforehand.
>
> Reported-by: Ben Hutchings <bhutchings@xxxxxxxxxxxxxx>
I was wearing my other hat at the time (ben@xxxxxxxxxxxxxxx).
> Cc: stable@xxxxxxxxxx
> Signed-off-by: Dave Jones <davej@xxxxxxxxxx>
>
> ---
> unanswered question: why are the buffer sizes here different ? which is correct?
[...]
Further question: why even use an intermediate buffer on the stack?
Both callers want to write the result to a seq_file. Should mpol_str()
then be replaced with a seq_mpol()?
Ben.
--
Ben Hutchings
Who are all these weirdos? - David Bowie, about L-Space IRC channel #afp
Attachment:
signature.asc
Description: This is a digitally signed message part