> > /* > > + * No partial write. > > * Enough data must be present. > > */ > > if (*ppos != 0) > > return -EINVAL; > > + if (count == 0 || count > PAGE_SIZE) > > + return -EINVAL; > > > > data = memdup_user_nul(buf, count); > > if (IS_ERR(data)) > > > > Doesn't this change break legitimate requests like > > char buffer[20000]; > > memset(buffer, ' ', sizeof(buffer)); > memcpy(buffer + sizeof(buffer) - 10, "foo", 3); > write(fd, buffer, sizeof(buffer)); > > ?
It does, in this case. Then I need to patch another version with whitespace stripping before, after label. I just followed the same thing that I see in security/selinux/selinuxfs.c sel_write_enforce() etc. It has the same memdup_user_nul() and count >= PAGE_SIZE check prior to that.
