Re: AUDIT: copy_from_user is a deathtrap.

Denis Vlasenko (vda@port.imtp.ilyichevsk.odessa.ua)
Tue, 21 May 2002 08:57:28 -0200


On 20 May 2002 13:22, you wrote:
> > Can you tell me what's wrong with copy_from_user? How did you use it
> > wrongly?
>
> Denis, I agree with the essence of Rusty's argument, which is that
> copy_to_user is easy to misuse in the following way:
>
> xxx_ioctl (..., cmd, arg) {
> return copy_to_user(....);
> }
>
> Since copy_to_user returns a number of residue bytes instead of
> -EINVAL, such a statement confuses the caller.
> Rusty found something about 54 instances of this.

Oh. Do you think a pair of

copy_to_user_or_EINVAL(...)
copy_to_user_return_residue(...)

will help avoid such bugs?
It is possible to audit the kernel once, move it to the new functions
and deprecate/delete the old one.

--
vda
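
The failure mode discussed in this thread, as an added example that is not part of the original message and is not kernel code: a user-space C model in which struct user_buf, model_copy_to_user and both handlers are hypothetical stand-ins. The wrapper takes its name and its -EINVAL from the proposal above; in-tree handlers conventionally return -EFAULT for a failed user copy.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a user pointer: only `writable` bytes are mapped. */
struct user_buf { char *ptr; unsigned long writable; };

/* Models the convention discussed above: returns the number of bytes
 * NOT copied (the residue), never a negative errno. */
unsigned long model_copy_to_user(struct user_buf *to, const void *from,
                                 unsigned long n)
{
    unsigned long ok = n < to->writable ? n : to->writable;
    memcpy(to->ptr, from, ok);
    return n - ok;
}

/* Wrapper in the shape proposed in the message: 0 or a negative errno. */
long model_copy_to_user_or_EINVAL(struct user_buf *to, const void *from,
                                  unsigned long n)
{
    return model_copy_to_user(to, from, n) ? -EINVAL : 0;
}

static const char reply[16] = "status-ok";

/* The misuse: the residue count is returned as if it were a status code. */
long buggy_ioctl(struct user_buf *arg)
{
    return (long)model_copy_to_user(arg, reply, sizeof reply);
}

/* Same handler using the wrapper: a short copy becomes an error. */
long fixed_ioctl(struct user_buf *arg)
{
    return model_copy_to_user_or_EINVAL(arg, reply, sizeof reply);
}

int main(void)
{
    char backing[16];
    struct user_buf partial = { backing, 4 }; /* constructed: 4 of 16 bytes writable */
    /* A caller testing "ret < 0" sees the buggy result as success. */
    printf("buggy=%ld fixed=%ld\n", buggy_ioctl(&partial), fixed_ioctl(&partial));
    return 0;
}
```

With the constructed 4-byte buffer the buggy handler returns a positive residue, which a caller checking only for a negative return treats as success even though the reply was truncated.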