On Fri, Dec 4, 2015 at 12:24 AM, Lee Jones <lee.jones@xxxxxxxxxx> wrote: > On Thu, 03 Dec 2015, Arnd Bergmann wrote: > >> On Thursday 03 December 2015 17:28:30 Lee Jones wrote: >> > > >> > > Ah, interesting. I haven't tried myself, and just tried to read the >> > > code. Maybe glibc already catches zero-length writes before it gets >> > > into the kernel, or I just missed the part of the syscall that checks >> > > for this. >> > >> > Glibc is responsible indeed: >> > >> > http://osxr.org/glibc/source/io/write.c >> >> Ok, so an attacker can force the stack overflow by calling >> syscall(__NR_write, fd, p, 0) if that has any potential value, >> but normal users won't hit this case. > > Right. I have fixed the issue (and another one I found) anyway, if > only to rid the GCC warning. > Sorry, but I'm unable to find a new version of this patch, did I miss it or could you resend it? Also, as I looked at this again, we should probably return an error if count >= sizeof(buf) rather than just acknowledging the input (same in the other debugfs write function in this file). Regards, Bjorn -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
