Re: [PATCH] protect against buggy drivers

From: Richard B. Johnson
Date: Fri Oct 08 2004 - 14:34:02 EST


On Fri, 8 Oct 2004, Greg KH wrote:

On Fri, Oct 08, 2004 at 01:29:40PM -0400, Richard B. Johnson wrote:
On Fri, 8 Oct 2004, Greg KH wrote:

On Fri, Oct 08, 2004 at 09:53:41AM -0700, Stephen Hemminger wrote:
+ strlen(name) >= KOBJ_NAME_LEN ||

There's no need for this check, if we fix the other usage of
cdev->kobj.name in this file to use the proper kobject_name() and
kobject_set_name() functions.

Well the module name is passed in register/unregister_chrdev(). It
was not documented as the allowed length of the name so it was
possible to install a device and then only "partially" uninstall
the device so a subsequent open of the device-file would crash
the kernel. A device name of :

"Octrangle Contrabulator" 23 characters

... in a test program was sufficiently-long to kill the kernel.
I recommend truncating any name to an acceptable length. This
would show up in /proc/iomem, etc., prompting the developer
to shorten the name.

Also, the new length of 20 characters is probably too short.
There was no such limitation on 2.4.x, where many modules
are being ported from.

That's why I said this check should not go in, and the cdev code fixed
to use the proper functions. That would enable you to have as long as a
name as you wanted to.

thanks,

greg k-h

Okay. Thanks. Updating sources now.


Cheers,
Dick Johnson
Penguin : Linux version 2.6.8 on an i686 machine (5537.79 BogoMips).
Note 96.31% of all statistics are fiction.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/