Re: [RFC PATCH] introduce WEXT scan capabilities

From: Jean Tourrilhes <jt@xxxxxxxxxx>
Date: Mon, 10 Dec 2007 10:09:21 -0800

> On Mon, Dec 10, 2007 at 01:15:27PM +0100, Johannes Berg wrote:
> > 
> > > Do either of those sound better to you than extending struct iw_range?
> > 
> > Because wext is stupidly defined, you can never extend any structures it
> > uses. Wext never passes in the length that userspace expects, so passing
> > in longer structures than the fixed one userspace expects will always
> > overwrite something in userspace, possibly on the stack.
> > 
> > johannes
> 
> 	Please check again...

I've personally already fixed a bug like this for 64-bit because the
WEXT request struct is smaller than an ifreq and the former is what
the applications declare on the stack yet an ifreq is what was used to
size to copy back into userspace.

There are therefore definitely past and potential future problems in
this area, and indeed it is a design issue.
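
Added example, not part of the original message or of the kernel source: a userspace model of the size mismatch described above, where the application reserves a wireless request but the copy back is sized by the larger generic request. The struct layouts are simplified, constructed stand-ins that use fixed 64-bit fields to model a 64-bit build, and `copy_back` is a hypothetical helper that counts how many bytes beyond the caller's buffer get overwritten.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the wireless request the application declares. */
struct iwreq_like {
    char name[16];
    union {
        struct { uint64_t pointer; uint16_t length, flags; } data;
        char raw[16];
    } u;
};

/* Constructed stand-in for the generic request; 64-bit fields make it larger. */
struct ifreq_like {
    char name[16];
    union {
        struct { uint64_t mem_start, mem_end; uint16_t base_addr;
                 uint8_t irq, dma, port; } map;
        char raw[16];
    } u;
};

#define CANARY 0xA5

/* Models the copy back: the caller owns the first user_len bytes of frame,
 * the remainder stands for its neighbours on the stack.
 * Returns how many neighbouring bytes the copy overwrote. */
static size_t copy_back(size_t copy_len, size_t user_len)
{
    unsigned char frame[sizeof(struct ifreq_like) + 16];
    struct ifreq_like kernel_copy;
    size_t i, clobbered = 0;

    memset(frame, CANARY, sizeof(frame));
    memset(&kernel_copy, 0, sizeof(kernel_copy));
    memcpy(frame, &kernel_copy, copy_len);   /* copy_len <= sizeof(kernel_copy) */
    for (i = user_len; i < sizeof(frame); i++)
        if (frame[i] != CANARY)
            clobbered++;
    return clobbered;
}

/* Copy sized by the generic request vs. copy sized by what the caller declared. */
static size_t oversized_copy_back(void) { return copy_back(sizeof(struct ifreq_like), sizeof(struct iwreq_like)); }
static size_t bounded_copy_back(void)   { return copy_back(sizeof(struct iwreq_like), sizeof(struct iwreq_like)); }

int main(void)
{
    printf("oversized: %zu bytes past the buffer, bounded: %zu\n",
           oversized_copy_back(), bounded_copy_back());
    return 0;
}
```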