* [PATH 0/2] strndup_user, description
@ 2006-02-15 0:47 Davi Arnaut
2006-02-15 2:53 ` Alan Cox
0 siblings, 1 reply; 3+ messages in thread
From: Davi Arnaut @ 2006-02-15 0:47 UTC (permalink / raw)
To: akpm; +Cc: davi.arnaut, linux-kernel
This patch series creates a strndup_user() function in order to avoid duplicated
and error-prone (userspace modifying the string after the strlen_user()) code.
The diffstat:
include/linux/string.h | 3 +
kernel/module.c | 19 +-------
mm/util.c | 37 +++++++++++++++
security/keys/keyctl.c | 116 ++++++++++---------------------------------------
4 files changed, 68 insertions(+), 107 deletions(-)
Signed-off-by: Davi Arnaut <davi.arnaut@gmail.com>
--
diff --git a/include/linux/string.h b/include/linux/string.h
index 369be32..2cb2dc8 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -18,6 +18,9 @@ extern char * strsep(char **,const char
extern __kernel_size_t strspn(const char *,const char *);
extern __kernel_size_t strcspn(const char *,const char *);
+#define strdup_user(s) strndup_user(s, PAGE_SIZE)
+extern char *strndup_user(const char __user *, long);
+
/*
* Include machine specific inline routines
*/
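Review bot: the `strdup_user(s)` macro hides a `PAGE_SIZE` cap behind a name that reads as unbounded, and nothing in the visible hunks uses it; drop the macro and have each caller pass its own limit to `strndup_user()`. The prototype also takes the byte count as a signed `long` with no parameter names, so the header does not say that the limit includes the trailing NUL or what a zero or negative value means; naming the parameters and stating the valid range here would help callers.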
diff --git a/mm/util.c b/mm/util.c
index 5f4bb59..09c2c3b 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -1,6 +1,8 @@
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/module.h>
+#include <linux/err.h>
+#include <asm/uaccess.h>
/**
* kzalloc - allocate memory. The memory is set to zero.
@@ -37,3 +39,38 @@ char *kstrdup(const char *s, gfp_t gfp)
return buf;
}
EXPORT_SYMBOL(kstrdup);
+
+/*
+ * strndup_user - duplicate an existing string from user space
+ *
+ * @s: The string to duplicate
+ * @n: Maximum number of bytes to copy, including the trailing NUL.
+ */
+char *strndup_user(const char __user *s, long n)
+{
+ char *p;
+ long length;
+
+ length = strlen_user(s);
+
+ if (!length)
+ return ERR_PTR(-EFAULT);
+
+ if (length > n)
+ length = n;
+
+ p = kmalloc(length, GFP_KERNEL);
+
+ if (!p)
+ return ERR_PTR(-ENOMEM);
+
+ if (strncpy_from_user(p, s, length) < 0) {
+ kfree(p);
+ return ERR_PTR(-EFAULT);
+ }
+
+ p[length - 1] = '\0';
+
+ return p;
+}
+EXPORT_SYMBOL(strndup_user);
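Review bot: in `strndup_user()`, nothing after `if (length > n) length = n;` checks that `n` is positive, so `n == 0` reaches `p[length - 1] = '\0';` with `length` equal to 0 and writes one byte before the allocation, and a negative `n` is passed to `kmalloc()` as the size; reject `n <= 0` before allocating. The same clamp truncates an over-long string without reporting it, so a caller cannot distinguish a truncated string from a complete one; returning an error when `length > n` would make that visible. `strlen_user(s)` also scans the whole user string before the limit is applied, where `strnlen_user(s, n)` would bound the scan. The comment block opens with `/*` while the `kzalloc` comment in the same file uses kernel-doc `/**`.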
* Re: [PATH 0/2] strndup_user, description
From: Alan Cox @ 2006-02-15 2:53 UTC (permalink / raw)
To: Davi Arnaut; +Cc: akpm, linux-kernel
On Maw, 2006-02-14 at 21:47 -0300, Davi Arnaut wrote:
> This patch series creates a strndup_user() function in order to avoid duplicated
> and error-prone (userspace modifying the string after the strlen_user()) code.
Well userspace can still modify in this case. So you could still get a
\0 mid buffer but that seems harmless.
However
> +#define strdup_user(s) strndup_user(s, PAGE_SIZE)
Better this doesn't exist as it is a wrapper for a bad habit that isn't
yet used so why encourage it.
> + length = strlen_user(s);
What if n is very large? Should use strnlen_user clipped by n.
Also say the length limit is 8 and the text is "hello\0"
We get length = 5, 5 < 8, alloc 5 bytes set 5th to \0 and return "hell\0"
* Re: [PATH 0/2] strndup_user, description
From: Davi Arnaut @ 2006-02-15 10:42 UTC (permalink / raw)
To: Alan Cox; +Cc: akpm, linux-kernel
On Wed, 15 Feb 2006 02:53:10 +0000
Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
> On Maw, 2006-02-14 at 21:47 -0300, Davi Arnaut wrote:
> > This patch series creates a strndup_user() function in order to avoid duplicated
> > and error-prone (userspace modifying the string after the strlen_user()) code.
>
> Well userspace can still modify in this case. So you could still get a
> \0 mid buffer but that seems harmless.
Yes.
> However
>
> > +#define strdup_user(s) strndup_user(s, PAGE_SIZE)
>
> Better this doesn't exist as it is a wrapper for a bad habit that isn't
> yet used so why encourage it.
>
Ok, I will inline it.
>
> > + length = strlen_user(s);
>
> What if n is very large? Should use strnlen_user clipped by n.
That's what "if (length > n) length = n" is for.
> Also say the length limit is 8 and the text is "hello\0"
>
> We get length = 5, 5 < 8, alloc 5 bytes set 5th to \0 and return "hell\0"
No, we would get length = 6, strlen_user returns the size of the string
_including_ the terminating NUL.
--
Davi Arnaut
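
A userspace model of the length arithmetic discussed in this thread, added here as an illustration; it is not code from the patch or from the kernel. The names `model_strnlen_user`, `copy_terminated`, `model_posted` and `model_strict` are hypothetical, `malloc`/`memcpy` stand in for the kernel calls, and the strict variant is one possible alternative rather than a statement of what was merged.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for strnlen_user(): counts the NUL; > n means none within n. */
static long model_strnlen_user(const char *s, long n)
{
    long i = 0;
    while (i < n && s[i] != '\0')
        i++;
    return i + 1;
}

/* malloc + memcpy stand in for kmalloc() + strncpy_from_user(). */
static char *copy_terminated(const char *s, long length)
{
    char *p = malloc((size_t)length);
    if (p) {
        memcpy(p, s, (size_t)length);
        p[length - 1] = '\0';
    }
    return p;
}

/* Length logic of the posted strndup_user(): clamp silently, then copy. */
char *model_posted(const char *s, long n)
{
    long length = (long)strlen(s) + 1;  /* strlen_user() counts the NUL */
    if (length > n)
        length = n;
    if (length <= 0)    /* model-only guard; posted code would hit p[-1] */
        return NULL;
    return copy_terminated(s, length);
}

/* Hypothetical stricter variant: bounded scan, reject instead of truncate. */
char *model_strict(const char *s, long n)
{
    long length = n > 0 ? model_strnlen_user(s, n) : 0;
    if (length == 0 || length > n) {
        errno = EINVAL;
        return NULL;
    }
    return copy_terminated(s, length);
}

int main(void)
{
    puts(model_posted("hello", 3));  /* truncated copy, no error reported */
}
```

With a limit of 8, "hello" is copied whole because the measured length of 6 already includes the NUL; with a limit of 3 the posted logic returns "he" while the strict variant fails with `EINVAL`.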