Basically without this patch changing the mode of thermal zone is not possible as wrong string size is passed to strncmp.
Signed-off-by: Amit Daniel Kachhap amit.kachhap@linaro.org --- drivers/thermal/thermal_sys.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/thermal/thermal_sys.c b/drivers/thermal/thermal_sys.c index 220ce7e..96da1af 100644 --- a/drivers/thermal/thermal_sys.c +++ b/drivers/thermal/thermal_sys.c @@ -152,9 +152,9 @@ mode_store(struct device *dev, struct device_attribute *attr, if (!tz->ops->set_mode) return -EPERM;
- if (!strncmp(buf, "enabled", sizeof("enabled"))) + if (!strncmp(buf, "enabled", sizeof("enabled") - 1)) result = tz->ops->set_mode(tz, THERMAL_DEVICE_ENABLED); - else if (!strncmp(buf, "disabled", sizeof("disabled"))) + else if (!strncmp(buf, "disabled", sizeof("disabled") - 1)) result = tz->ops->set_mode(tz, THERMAL_DEVICE_DISABLED); else result = -EINVAL;
On Wed, 21 Mar 2012 16:40:01 +0530, Amit Daniel Kachhap wrote:
Basically without this patch changing the mode of thermal zone is not possible as wrong string size is passed to strncmp.
Actually it is possible, $ echo -n disabled > mode works fine. But it fails without the -n, your patch would fix that.
Acked-by: Jean Delvare khali@linux-fr.org
Note that a quick grep suggests that drivers/misc/ad525x_dpot.c, security/selinux/hooks.c and arch/m68k/sun3/prom/console.c suffer from the same issue, if you want to fix them too.
Signed-off-by: Amit Daniel Kachhap amit.kachhap@linaro.org
drivers/thermal/thermal_sys.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/thermal/thermal_sys.c b/drivers/thermal/thermal_sys.c index 220ce7e..96da1af 100644 --- a/drivers/thermal/thermal_sys.c +++ b/drivers/thermal/thermal_sys.c @@ -152,9 +152,9 @@ mode_store(struct device *dev, struct device_attribute *attr, if (!tz->ops->set_mode) return -EPERM;
- if (!strncmp(buf, "enabled", sizeof("enabled")))
- if (!strncmp(buf, "enabled", sizeof("enabled") - 1)) result = tz->ops->set_mode(tz, THERMAL_DEVICE_ENABLED);
- else if (!strncmp(buf, "disabled", sizeof("disabled")))
- else if (!strncmp(buf, "disabled", sizeof("disabled") - 1)) result = tz->ops->set_mode(tz, THERMAL_DEVICE_DISABLED); else result = -EINVAL;
On Wed, Mar 21, 2012 at 10:13 AM, Jean Delvare khali@linux-fr.org wrote:
On Wed, 21 Mar 2012 16:40:01 +0530, Amit Daniel Kachhap wrote:
Basically without this patch changing the mode of thermal zone is not possible as wrong string size is passed to strncmp.
Actually it is possible, $ echo -n disabled > mode works fine. But it fails without the -n, your patch would fix that.
Acked-by: Jean Delvare khali@linux-fr.org
Note that a quick grep suggests that drivers/misc/ad525x_dpot.c, security/selinux/hooks.c and arch/m68k/sun3/prom/console.c suffer from the same issue, if you want to fix them too.
I do see that we use sizeof() for strings in the selinux code, but I don't see a place that it is a bug. If you see a bug let me know and I'd be happy to fix it!
-Eric
Hi Eric,
On Wed, 21 Mar 2012 10:47:52 -0400, Eric Paris wrote:
On Wed, Mar 21, 2012 at 10:13 AM, Jean Delvare khali@linux-fr.org wrote:
Note that a quick grep suggests that drivers/misc/ad525x_dpot.c, security/selinux/hooks.c and arch/m68k/sun3/prom/console.c suffer from the same issue, if you want to fix them too.
I do see that we use sizeof() for strings in the selinux code, but I don't see a place that it is a bug. If you see a bug let me know and I'd be happy to fix it!
My suspect is in sb_finish_set_opts():
if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
If sb->s_type->name is exactly "sysfs", it will work, but if it only starts with "sysfs" it won't. And if only exact matches are expected, then strncmp is overkill and strcmp should be used instead.
Note that I don't know anything about the code so I might as well be totally wrong.
On Wed, Mar 21, 2012 at 15:13, Jean Delvare khali@linux-fr.org wrote:
On Wed, 21 Mar 2012 16:40:01 +0530, Amit Daniel Kachhap wrote:
Basically without this patch changing the mode of thermal zone is not possible as wrong string size is passed to strncmp.
Actually it is possible, $ echo -n disabled > mode works fine. But it fails without the -n, your patch would fix that.
Now it ignores any extra characters. Are they always newlines?
Now "echo -n disabledx > mode" will also "succeed".
Acked-by: Jean Delvare khali@linux-fr.org
Note that a quick grep suggests that drivers/misc/ad525x_dpot.c, security/selinux/hooks.c and arch/m68k/sun3/prom/console.c suffer from the same issue, if you want to fix them too.
W.r.t. the Sun-3 code, those strings don't come from the user, but from the firmware. But the code (copied from SPARC, which has the right firmware, unlike Sun-3) is commented out anyway.
Gr{oetje,eeting}s,
Geert
-- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
On Wed, 21 Mar 2012 16:14:46 +0100, Geert Uytterhoeven wrote:
On Wed, Mar 21, 2012 at 15:13, Jean Delvare khali@linux-fr.org wrote:
On Wed, 21 Mar 2012 16:40:01 +0530, Amit Daniel Kachhap wrote:
Basically without this patch changing the mode of thermal zone is not possible as wrong string size is passed to strncmp.
Actually it is possible, $ echo -n disabled > mode works fine. But it fails without the -n, your patch would fix that.
Now it ignores any extra characters. Are they always newlines?
Now "echo -n disabledx > mode" will also "succeed".
I guess this is considered good enough in practice, although I also don't like this use of strncmp. I'd prefer \n to be properly converted to \0 (by the sysfs layer itself) so that strict string comparisons can be done. I don't have the time to push this though, sorry.
On 21 March 2012 19:43, Jean Delvare khali@linux-fr.org wrote:
On Wed, 21 Mar 2012 16:40:01 +0530, Amit Daniel Kachhap wrote:
Basically without this patch changing the mode of thermal zone is not possible as wrong string size is passed to strncmp.
Actually it is possible, $ echo -n disabled > mode works fine. But it fails without the -n, your patch would fix that.
Thanks for pointing this out. Anyway this patch makes some sense until sysfs takes care of this.
Acked-by: Jean Delvare khali@linux-fr.org
Note that a quick grep suggests that drivers/misc/ad525x_dpot.c, security/selinux/hooks.c and arch/m68k/sun3/prom/console.c suffer from the same issue, if you want to fix them too.
Signed-off-by: Amit Daniel Kachhap amit.kachhap@linaro.org
drivers/thermal/thermal_sys.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/thermal/thermal_sys.c b/drivers/thermal/thermal_sys.c index 220ce7e..96da1af 100644 --- a/drivers/thermal/thermal_sys.c +++ b/drivers/thermal/thermal_sys.c @@ -152,9 +152,9 @@ mode_store(struct device *dev, struct device_attribute *attr, if (!tz->ops->set_mode) return -EPERM;
- if (!strncmp(buf, "enabled", sizeof("enabled")))
- if (!strncmp(buf, "enabled", sizeof("enabled") - 1))
result = tz->ops->set_mode(tz, THERMAL_DEVICE_ENABLED);
- else if (!strncmp(buf, "disabled", sizeof("disabled")))
- else if (!strncmp(buf, "disabled", sizeof("disabled") - 1))
result = tz->ops->set_mode(tz, THERMAL_DEVICE_DISABLED); else result = -EINVAL;
-- Jean Delvare
-
Amit Daniel Kachhap -
Amit Kachhap
-
Eric Paris -
Geert Uytterhoeven -
Jean Delvare -
Len Brown