Re: PROPOSAL: dot-proc interface [was: /proc stuff]

Erik Andersen (andersen@codepoet.org)
Tue, 6 Nov 2001 15:22:15 -0700


On Tue Nov 06, 2001 at 02:49:23PM -0500, dank@trellisinc.com wrote:
> In article <20011105155955.A16505@codepoet.org> Erik Anderson wrote:
> > Come now, it really isn't that difficult:
>
> > char name[80];
> > if (sscanf(line, "%4u %4u %llu %s", &major, &minor, &size, name) == 4)
>
> if it's so easy to do, why do you have a great big buffer overflow here?

Sorry, no doughnut for you. drivers/block/genhd.c:

#ifdef CONFIG_PROC_FS
int get_partition_list(char *page, char **start, off_t offset, int count)
{
...
char buf[64];

...

len += snprintf(page + len, 63, "%4d %4d %10d %s\n", gp->major, n,
gp->sizes[n], disk_name(gp, n, buf));

so each /proc/partitions line maxes out at 63 bytes. So not only
is there no overflow, I am providing 16 extra bytes of padding.

-Erik

--
Erik B. Andersen             http://codepoet-consulting.com/
--This message was written using 73% post-consumer electrons--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/