Re: Bug : Out of range ptr error in module indicates bug in slab.c

From: Arjan van de Ven (arjan_at_infradead.org)
Date: 12/30/04

  • Next message: Trond Myklebust: "Re: POSIX ACL's with NFS" 
    To: selvakumar nagendran <kernelselva@yahoo.com>
Date:	Thu, 30 Dec 2004 12:18:40 +0100

    On Thu, 2004-12-30 at 02:54 -0800, selvakumar nagendran wrote:
    > else {
    > new -> pipe_read_end = fdes[0];
    > new -> pipe_write_end = fdes[1];

    this is a bug; fdes is a USERSPACE pointer, you cannot directly access
    that from kernel space, you need to use copy_from_user() for that.

    And note, what you are doing is unreliable, since the user is capable of
    changing that information before you log it in your structure, so if you
    want to use the data you log for anything security related or for
    something that has to be accurate, it's broken...

    > while(temp != NULL)
    > {
    > kfree(temp);
    > temp = temp -> next;
    > }

    that is of course wrong; you free temp and THEN you access it!!

    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  • Next message: Trond Myklebust: "Re: POSIX ACL's with NFS"