From: Jean Tourrilhes <jt@xxxxxxxxxx>
Date: Mon, 10 Dec 2007 10:09:21 -0800

> On Mon, Dec 10, 2007 at 01:15:27PM +0100, Johannes Berg wrote:
> >
> > > Do either of those sound better to you than extending struct iw_range?
> >
> > Because wext is stupidly defined, you can never extend any structures it
> > uses. Wext never passes in the length that userspace expects so passing
> > in longer structures than the fixed one userspace expects will always
> > overwrite something in userspace, possibly on the stack.
> >
> > johannes
>
> Please check again...

I've personally already fixed a bug like this for 64-bit because
the WEXT request struct is smaller than an ifreq and the former is
what the applications declare on the stack yet an ifreq is what
was used to size to copy back into userspace.

There are therefore definitely past and potential future problems
in this area, and indeed it is a design issue.
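
The size mismatch discussed in the thread above, as an added userspace simulation that is not part of the original messages or of the kernel source. The structs `small_req`, `big_req` and `user_frame` and all function names are constructed stand-ins (assumptions), chosen only so that the copied struct is larger than the one the caller declared.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not the real kernel layouts: small_req is what the
 * application declares on its stack, big_req is what sized the copy back. */
struct small_req { char name[16]; unsigned char data[16]; };
struct big_req   { char name[16]; unsigned char data[24]; };

/* Simulated caller stack frame: the request, then whatever sits next to it. */
struct user_frame { struct small_req req; unsigned char neighbour[8]; };

typedef size_t (*copy_fn)(void *user, size_t user_len, const struct big_req *k);

/* Flawed: length comes from the kernel-side type, the caller's size is ignored. */
size_t copy_back_fixed_size(void *user, size_t user_len, const struct big_req *k)
{
    (void)user_len;
    memcpy(user, k, sizeof(*k));
    return sizeof(*k);
}

/* Bounded: never write more than the caller said it has room for. */
size_t copy_back_bounded(void *user, size_t user_len, const struct big_req *k)
{
    size_t n = user_len < sizeof(*k) ? user_len : sizeof(*k);
    memcpy(user, k, n);
    return n;
}

/* Run one copy-back into a fresh frame; return how many neighbour bytes changed. */
size_t clobbered_bytes(copy_fn fn)
{
    struct user_frame frame;
    struct big_req k;
    size_t i, hit = 0;
    memset(&frame, 0, sizeof(frame));
    memset(frame.neighbour, 0xAA, sizeof(frame.neighbour));
    memset(&k, 0x41, sizeof(k));
    fn(&frame, sizeof(frame.req), &k);   /* caller only declared a small_req */
    for (i = 0; i < sizeof(frame.neighbour); i++)
        hit += frame.neighbour[i] != 0xAA;
    return hit;
}

int main(void)
{
    printf("fixed-size copy clobbered %zu bytes, bounded copy %zu\n",
           clobbered_bytes(copy_back_fixed_size), clobbered_bytes(copy_back_bounded));
    return 0;
}
```

The bounded variant only works when the interface carries the caller's length, which is the piece the thread says wext lacks.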