Bogus buffer length check in linux-2.6.11 read()

From: linux-os
Date: Tue Mar 15 2005 - 13:12:33 EST
The attached file shows that the kernel thinks it's doing
something helpful by checking the length of the input
buffer for a read(). It will return "Bad Address" until
the length is 1632 bytes. Apparently the kernel thinks
1632 is a good length!

Did anybody consider the overhead necessary to do this
and the fact that the kernel has no way of knowing if
the pointer to the buffer is valid until it actually
does the write. What was wrong with copy_to_user()?
Why is there the additional bogus check?

Cheers,
Dick Johnson
Penguin : Linux version 2.6.11 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
    char buf[0x100];   /* 256-byte buffer; the requests below are deliberately larger */
    size_t i;
    ssize_t val;       /* read() returns ssize_t, -1 on error */

    /* Shrink the requested length until the kernel accepts the read. */
    for (i = 0x1000; i > 0; i--)
    {
        if ((val = read(STDIN_FILENO, buf, i)) == -1)
            perror("read");
        else
        {
            printf("Apparently the kernel thinks %zu is a good length!\n", i);
            break;
        }
    }
    return 0;
}
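The following program is an added example and is not part of Dick Johnson's post or his attached file. It separates the two things the post runs together: the up-front range check in vfs_read() (access_ok(), which only compares the buffer range against the user-space address limit and says nothing about whether the pages are mapped) and the fault that copy_to_user() takes when a page really is unusable. It assumes a Linux host where pipe(2), mmap(2) and mprotect(2) behave as documented; the mapping layout (one writable page followed by one PROT_NONE page), the pipe used as the data source and the names probe_read, map_page_with_hole, read_within_mapping, read_spanning_hole and read_inside_hole are all mine.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcome of one read(2) call: its return value and the errno it left behind. */
struct probe {
    ssize_t ret;
    int err;
};

long page_size(void)
{
    return sysconf(_SC_PAGESIZE);
}

/*
 * Constructed layout for the demonstration: two consecutive pages, the first
 * readable and writable, the second PROT_NONE so any copy into it faults.
 * Both pages lie below the user-space limit, so access_ok() accepts ranges
 * covering either of them.  Returns the base of the first page or MAP_FAILED.
 */
unsigned char *map_page_with_hole(void)
{
    size_t pg = (size_t)page_size();
    unsigned char *base = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return MAP_FAILED;
    if (mprotect(base + pg, pg, PROT_NONE) == -1) {
        munmap(base, 2 * pg);
        return MAP_FAILED;
    }
    return base;
}

/*
 * Fill a pipe with nbytes of constructed data (0x41 repeated) and issue one
 * read() of count bytes into dst.  The pipe stands in for the stdin the post
 * reads from: it needs no device file and cannot block, because all data is
 * written before the read and stays far below the default pipe capacity.
 */
struct probe probe_read(void *dst, size_t count, size_t nbytes)
{
    struct probe p = { -1, 0 };
    int fds[2];
    unsigned char chunk[256];
    size_t off = 0;

    memset(chunk, 0x41, sizeof chunk);
    if (pipe(fds) == -1) {
        p.err = errno;
        return p;
    }
    while (off < nbytes) {
        size_t want = nbytes - off;
        if (want > sizeof chunk)
            want = sizeof chunk;
        ssize_t w = write(fds[1], chunk, want);
        if (w <= 0) {
            p.err = errno;
            close(fds[0]);
            close(fds[1]);
            return p;
        }
        off += (size_t)w;
    }
    close(fds[1]);              /* reader sees EOF once the data is drained */

    errno = 0;
    p.ret = read(fds[0], dst, count);
    p.err = errno;
    close(fds[0]);
    return p;
}

/* Request that fits the writable page: the full count comes back. */
struct probe read_within_mapping(void)
{
    struct probe p = { -1, 0 };
    size_t pg = (size_t)page_size();
    unsigned char *buf = map_page_with_hole();
    if (buf == MAP_FAILED) { p.err = errno; return p; }
    p = probe_read(buf, pg, pg);
    munmap(buf, 2 * pg);
    return p;
}

/*
 * Request whose tail runs into the PROT_NONE page.  The range check passes
 * (everything is below the user-space limit), so the kernel only discovers the
 * problem when copy_to_user() faults part-way: read() returns the bytes it did
 * copy, a short read rather than an error.
 */
struct probe read_spanning_hole(void)
{
    struct probe p = { -1, 0 };
    size_t pg = (size_t)page_size();
    unsigned char *buf = map_page_with_hole();
    if (buf == MAP_FAILED) { p.err = errno; return p; }
    p = probe_read(buf, 2 * pg, 2 * pg);
    munmap(buf, 2 * pg);
    return p;
}

/* Request that starts inside the hole: nothing is copied, so the fault becomes
 * -1 with errno EFAULT, the "Bad address" the post reports. */
struct probe read_inside_hole(void)
{
    struct probe p = { -1, 0 };
    size_t pg = (size_t)page_size();
    unsigned char *buf = map_page_with_hole();
    if (buf == MAP_FAILED) { p.err = errno; return p; }
    p = probe_read(buf + pg, pg, pg);
    munmap(buf, 2 * pg);
    return p;
}

int main(void)
{
    struct probe a = read_within_mapping();
    struct probe b = read_spanning_hole();
    struct probe c = read_inside_hole();
    printf("within mapping : ret=%zd errno=%d\n", a.ret, a.err);
    printf("spanning hole  : ret=%zd errno=%d\n", b.ret, b.err);
    printf("inside hole    : ret=%zd (%s)\n", c.ret, strerror(c.err));
    return 0;
}
```

Build with `gcc -Wall -o probe probe.c` and run it. The second case is the one the post's program cannot show on its own: a length that is too long for the buffer does not fail up front, it is cut short at the first unusable page, which is why the length check before copy_to_user() cannot replace the fault handling inside it. What the post observes (EFAULT until the length drops to 1632 bytes) is the other check firing, the one that compares the range against the user-space limit rather than against the mapping.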