Thanks Pablo for clarification. I will resend the patch. regards santosh On Thu, Mar 1, 2012 at 6:33 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Thu, Mar 01, 2012 at 04:15:05PM +0530, santosh prasad nayak wrote: >> Hi Pablo. >> >> copy_to_user( dest, source, length) >> >> Normally, 'length' is equal to 'sizeof (source) '. >> >> In this case "length" = 32 >> "sizeof(source)" = 29. >> >> Is it intentional ? > > ebtables expects 32 bytes names. > >> Won't it copy extra 3 bytes of kernel data to userspace ? > > You're right. We have to copy 29 bytes but we have to fill the > remaining bytes with zeroes. I think something like: > > char name[EBT_FUNCTION_MAXNAMELEN] = {}; > > /* user-space ebtables expects 32 bytes-long names, but xt_match uses > * 29 bytes for that. */ > sprintf(name, "%s", m->u.match->name); > if (copy_to_user(hlp, name, EBT_FUNCTION_MAXNAMELEN)) > ... > > will resolve this issue. > > Would you resend a new patch? -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html