Re: [PATCH] kernel/sysctl.c: If "count" including the terminating byte '\0' the write system call should retrun success.
From: Sean Fu
Date: Wed Aug 26 2015 - 05:30:59 EST
On Wed, Aug 26, 2015 at 4:39 AM, Heinrich Schuchardt <xypron.glpk@xxxxxx> wrote:
>
>
> On 24.08.2015 10:56, Sean Fu wrote:
>> when the input argument "count" including the terminating byte "\0",
>> The write system call return EINVAL on proc file.
>> But it return success on regular file.
>>
>> E.g. Writting two bytes ("1\0") to "/proc/sys/net/ipv4/conf/eth0/rp_filter".
>> write(fd, "1\0", 2) return EINVAL.
>
> Reading through kernel/sysctl.c it looks like you are allowing
> "1\01" to be used to pass two integers or two longs.
> This is not what you describe as target of your patch.
1st 2nd 3rd Change?
'0'~'9' '\0' non '\0' No
proc_get_long-->simple_strtoul-->simple_strtoull-->_parse_integer
__do_proc_dointvec
...
vleft = table->maxlen / sizeof(*i); //vleft = 1 if it is
integer type proc file
...
for (; left && vleft--; i++, first=0) { //In last loop
left=2, but vleft = 0 cause exit.
>
> Parameter tr returned from proc_get_long should be checked in
> __do_proc_dointvec,
> __do_proc_doulongvec_minmax.
>
> Best regards
>
> Heinrich Schuchardt
>
>>
>> Signed-off-by: Sean Fu <fxinrong@xxxxxxxxx>
>> ---
>> kernel/sysctl.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
>> index 19b62b5..c2b0594 100644
>> --- a/kernel/sysctl.c
>> +++ b/kernel/sysctl.c
>> @@ -2004,7 +2004,7 @@ static int do_proc_dointvec_conv(bool *negp,
>> unsigned long *lvalp,
>> return 0;
>> }
>>
>> -static const char proc_wspace_sep[] = { ' ', '\t', '\n' };
>> +static const char proc_wspace_sep[] = { ' ', '\t', '\n', '\0' };
>>
>> static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table,
>> int write, void __user *buffer,
>>
All possibilities are listed.
1 byte data(count = 1)
1st Change?
'\0' NO
non '\0' NO
2 bytes data(count = 2)
1st 2nd Change?
'0'~'9' '\0' Yes
'0'~'9' non '\0' No
non number '\0' No
non number non '\0' No
3 bytes data(count = 3)
1st 2nd 3rd Change?
'0'~'9' '0'~'9' '\0' Yes
'0'~'9' '0'~'9' non '\0' No
'0'~'9' non '0'~'9' '\0' No
'0'~'9' non '0'~'9' non '\0' No
'0'~'9' '\0' '\0' No
'0'~'9' '\0' non '\0' No
non '0'~'9' Any Any No
More 3 bytes data(count > 3)
Number sequence the next character Change?
"x1...xn" '\0' Yes
"x1...xn" non '\0' No
Non "x1...xn" '\0' No
Non "x1...xn" non '\0' No
"x1...xn" is a string whose all members are "0"~'9'
Non "x1...xn" means the first character is not "0"~'9'.
"Yes" means the behavior is changed.
"No" means the behavior is Not changed.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/