On Fri, Dec 05, 2014 at 01:27:23PM -0800, Greg KH wrote:
> On Fri, Dec 05, 2014 at 12:03:47AM -0800, Tristan Lelong wrote:
> > static ssize_t
> > -fld_proc_hash_seq_write(struct file *file, const char *buffer,
> > - size_t count, loff_t *off)
> > +fld_proc_hash_seq_write(struct file *file,
> > + const char __user *buffer,
> > + size_t count, loff_t *off)
> > {
> > struct lu_client_fld *fld;
> > struct lu_fld_hash *hash = NULL;
> > + char name[80];
> > int i;
> >
> > + if (count > 80)
> > + return -ENAMETOOLONG;
> > +
> > + if (copy_from_user(name, buffer, count) != 0)
> > + return -EFAULT;
>
> How was this code ever working before?
I have no idea, and was actually surprised that this was there.
>
> And I know Joe asked, but how do you know that 80 is ok? And why on the
> stack?
80 is the sizeof(struct lu_fld_hash.fh_name) and there is no define for that.
A few other structure members are using this 80 value internally, and as I told
Joe, I will analyze if they are all related and submit a patch to use a define
instead.
>
> Shouldn't you just compare count to strlen(fld_hash[i].fh_name)? like you
> do later on?
>
This is actually done in the for loop already. I first compare with the maximum
size,
then the loop use the strlen of each entries in the table, and finally does the
strncmp.
>
> Anyway, I don't like large stack variables like this, can you make it
> dynamic instead?
>
I can definitely do this with a kmalloc, I'll submit a v2 tonight.
Thanks
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
