Re: [PATCH] kobject: Fix global-out-of-bounds in kobject_action_type()

From: Xia Fukun
Date: Tue Mar 07 2023 - 04:50:51 EST


I know how to modify it to meet your requirements:

	for (action = 0; action < ARRAY_SIZE(kobject_actions); action++) {
		if (strncmp(kobject_actions[action], buf, count_first) != 0)
			continue;
		if (strlen(kobject_actions[action]) > count_first)
			continue;
		if (args)
			*args = args_start;
		*type = action;
		ret = 0;
		break;
	}

So I will modify the patch and resubmit it. Please review it again.

On 2023/3/7 17:27, Greg KH wrote:

>
> On Tue, Mar 07, 2023 at 05:08:02PM +0800, Xia Fukun wrote:
>> Thanks for your reply.
>> Your understanding is correct. "offline\0\0\0\0\0\0\0\0\0\0" is indeed blocked
>> from matching "offline" and returns a failed result.
>>
>> I'm not sure whether to relax the restrictions to make it match successfully.
>> After all, the incoming count is too large and not the actual length of
>> "offline".
>
> But that doesn't matter at all. Sometimes you do not have control over
> the buffer length when writing to a file like this, what matters is the
> content of the buffer and we should stop at the first \0 as that's the
> "end of a string" in this type of api.
>
> So your change here might break existing userspace code, and we can't do
> that, sorry.
>
> thanks,
>
> greg k-h
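
Added example, not part of the original thread and not the kernel's code: a user-space C model of the matching loop discussed above, showing that ending the token at the first \0 lets a zero-padded "offline" match while a bare prefix or an overlong name is still rejected, without reading past count bytes. The actions table, token_len() and match_action() are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the kernel's kobject_actions[] table. */
static const char *const actions[] = { "add", "remove", "online", "offline" };
#define N_ACTIONS (sizeof(actions) / sizeof(actions[0]))

/*
 * Hypothetical helper: length of the first token in buf, never reading
 * past count bytes. The token ends at the first NUL, space or newline.
 */
static size_t token_len(const char *buf, size_t count)
{
	size_t n = 0;

	while (n < count && buf[n] != '\0' && buf[n] != ' ' && buf[n] != '\n')
		n++;
	return n;
}

/* Returns the index of the matched action, or -1 if none matches. */
int match_action(const char *buf, size_t count)
{
	size_t count_first = token_len(buf, count);
	size_t i;

	if (count_first == 0)
		return -1;
	for (i = 0; i < N_ACTIONS; i++) {
		/* Bounded compare: reads at most count_first bytes of buf. */
		if (strncmp(actions[i], buf, count_first) != 0)
			continue;
		/* Reject a bare prefix such as "off" for "offline". */
		if (strlen(actions[i]) > count_first)
			continue;
		return (int)i;
	}
	return -1;
}
```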