On Thu, Mar 01, 2012 at 04:15:05PM +0530, santosh prasad nayak wrote:
> Hi Pablo.
>
> copy_to_user( dest, source, length)
>
> Normally, 'length' is equal to 'sizeof (source) '.
>
> In this case "length" = 32
> "sizeof(source)" = 29.
>
> Is it intentional ?
ebtables expects 32 bytes names.
> Won't it copy extra 3 bytes of kernel data to userspace ?
You're right. We have to copy 29 bytes but we have to fill the
remaining bytes with zeroes. I think something like:
char name[EBT_FUNCTION_MAXNAMELEN] = {};
/* user-space ebtables expects 32 bytes-long names, but xt_match uses
* 29 bytes for that. */
sprintf(name, "%s", m->u.match->name);
if (copy_to_user(hlp, name, EBT_FUNCTION_MAXNAMELEN))
...
will resolve this issue.
Would you resend a new patch?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
