On 09/04/2013 03:43 PM, Al Viro wrote:
On Wed, Sep 04, 2013 at 03:33:00PM -0400, Waiman Long wrote:
I have thought about that. But if a d_move() is going on, the string
in the buffer will be discarded as the sequence number will change.
So whether or not it have embedded null byte shouldn't matter. That
is why I didn't add code to do byte-by-byte copy at this first
patch. I can add code to do that if you think it is safer to do so.
Sigh... Junk in the output is not an issue; reading from invalid address
is, since you might not survive to the sequence number check. Again,
if p is an address returned by kmalloc(size, ...), dereferencing p + offset
is not safe unless offset is less than size.
Yeah, I understand that. As said in my reply to Linus, I will use
memchr() to see if there is null byte within the specified length. If
one is found, I will assume the string is not valid and return error to
the caller.
Longman
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
