* [PATCH] dns_resolver: assure that dns_query() result is null-terminated
@ 2014-06-07 17:56 Manuel Schölling
2014-06-07 18:54 ` Trond Myklebust
0 siblings, 1 reply; 10+ messages in thread
From: Manuel Schölling @ 2014-06-07 17:56 UTC (permalink / raw)
To: davem; +Cc: jeffrey.t.kirsher, netdev, linux-kernel, Manuel Schölling
dns_query() credulously assumes that keys are null-terminated and
returns a copy of a memory block that is off by one.
---
net/dns_resolver/dns_query.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index e7b6d53..53be635 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
if (!*_result)
goto put;
- memcpy(*_result, upayload->data, len + 1);
+ memcpy(*_result, upayload->data, len);
+ *_result[len+1] = '\0';
+
if (_expiry)
*_expiry = rkey->expiry;
--
1.7.10.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 17:56 [PATCH] dns_resolver: assure that dns_query() result is null-terminated Manuel Schölling
@ 2014-06-07 18:54 ` Trond Myklebust
2014-06-07 18:57 ` Manuel Schoelling
2014-06-07 19:01 ` [PATCH v2] " Manuel Schölling
0 siblings, 2 replies; 10+ messages in thread
From: Trond Myklebust @ 2014-06-07 18:54 UTC (permalink / raw)
To: Manuel Schölling
Cc: Miller David S., jeffrey.t.kirsher, netdev, Linux Kernel mailing list
On Sat, Jun 7, 2014 at 1:56 PM, Manuel Schölling
<manuel.schoelling@gmx.de> wrote:
> dns_query() credulously assumes that keys are null-terminated and
> returns a copy of a memory block that is off by one.
> ---
> net/dns_resolver/dns_query.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
> index e7b6d53..53be635 100644
> --- a/net/dns_resolver/dns_query.c
> +++ b/net/dns_resolver/dns_query.c
> @@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
> if (!*_result)
> goto put;
>
> - memcpy(*_result, upayload->data, len + 1);
> + memcpy(*_result, upayload->data, len);
> + *_result[len+1] = '\0';
Off by one...
> +
> if (_expiry)
> *_expiry = rkey->expiry;
>
> --
> 1.7.10.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
Trond Myklebust
Linux NFS client maintainer, PrimaryData
trond.myklebust@primarydata.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 18:54 ` Trond Myklebust
@ 2014-06-07 18:57 ` Manuel Schoelling
2014-06-07 19:01 ` [PATCH v2] " Manuel Schölling
1 sibling, 0 replies; 10+ messages in thread
From: Manuel Schoelling @ 2014-06-07 18:57 UTC (permalink / raw)
To: Trond Myklebust
Cc: Miller David S., jeffrey.t.kirsher, netdev, Linux Kernel mailing list
LOL, that was stupid!
Sorry, I'll send a corrected version in a second...
On Sa, 2014-06-07 at 14:54 -0400, Trond Myklebust wrote:
> On Sat, Jun 7, 2014 at 1:56 PM, Manuel Schölling
> <manuel.schoelling@gmx.de> wrote:
> > dns_query() credulously assumes that keys are null-terminated and
> > returns a copy of a memory block that is off by one.
> > ---
> > net/dns_resolver/dns_query.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
> > index e7b6d53..53be635 100644
> > --- a/net/dns_resolver/dns_query.c
> > +++ b/net/dns_resolver/dns_query.c
> > @@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
> > if (!*_result)
> > goto put;
> >
> > - memcpy(*_result, upayload->data, len + 1);
> > + memcpy(*_result, upayload->data, len);
> > + *_result[len+1] = '\0';
>
> Off by one...
>
> > +
> > if (_expiry)
> > *_expiry = rkey->expiry;
> >
> > --
> > 1.7.10.4
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at http://www.tux.org/lkml/
>
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v2] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 18:54 ` Trond Myklebust
2014-06-07 18:57 ` Manuel Schoelling
@ 2014-06-07 19:01 ` Manuel Schölling
2014-06-07 21:42 ` David Rientjes
2014-06-07 21:57 ` [PATCH v3] " Manuel Schölling
1 sibling, 2 replies; 10+ messages in thread
From: Manuel Schölling @ 2014-06-07 19:01 UTC (permalink / raw)
To: davem; +Cc: jeffrey.t.kirsher, netdev, linux-kernel, Manuel Schölling
dns_query() credulously assumes that keys are null-terminated and
returns a copy of a memory block that is off by one.
---
net/dns_resolver/dns_query.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index e7b6d53..84871a2 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, size_t namelen,
len = upayload->datalen;
ret = -ENOMEM;
- *_result = kmalloc(len + 1, GFP_KERNEL);
+ *_result = kzalloc(len + 1, GFP_KERNEL);
if (!*_result)
goto put;
- memcpy(*_result, upayload->data, len + 1);
+ memcpy(*_result, upayload->data, len);
if (_expiry)
*_expiry = rkey->expiry;
--
1.7.10.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v2] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 19:01 ` [PATCH v2] " Manuel Schölling
@ 2014-06-07 21:42 ` David Rientjes
2014-06-07 21:53 ` Manuel Schoelling
2014-06-07 21:57 ` Sergei Shtylyov
2014-06-07 21:57 ` [PATCH v3] " Manuel Schölling
1 sibling, 2 replies; 10+ messages in thread
From: David Rientjes @ 2014-06-07 21:42 UTC (permalink / raw)
To: Manuel Schölling; +Cc: davem, jeffrey.t.kirsher, netdev, linux-kernel
[-- Attachment #1: Type: TEXT/PLAIN, Size: 1155 bytes --]
On Sat, 7 Jun 2014, Manuel Schölling wrote:
> dns_query() credulously assumes that keys are null-terminated and
> returns a copy of a memory block that is off by one.
No sign-off? Please read Documentation/SubmittingPatches.
> ---
> net/dns_resolver/dns_query.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
> index e7b6d53..84871a2 100644
> --- a/net/dns_resolver/dns_query.c
> +++ b/net/dns_resolver/dns_query.c
> @@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, size_t namelen,
> len = upayload->datalen;
>
> ret = -ENOMEM;
> - *_result = kmalloc(len + 1, GFP_KERNEL);
> + *_result = kzalloc(len + 1, GFP_KERNEL);
> if (!*_result)
> goto put;
>
> - memcpy(*_result, upayload->data, len + 1);
> + memcpy(*_result, upayload->data, len);
> if (_expiry)
> *_expiry = rkey->expiry;
>
kzalloc() would be unnecessary overhead (zeroing definitely comes with a
cost) if you're going to copy to the memory immediately afterwards. Just
leave the kmalloc(), do the memcpy() and explicitly zero terminate it
_result.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 21:42 ` David Rientjes
@ 2014-06-07 21:53 ` Manuel Schoelling
2014-06-07 22:02 ` David Rientjes
2014-06-07 21:57 ` Sergei Shtylyov
1 sibling, 1 reply; 10+ messages in thread
From: Manuel Schoelling @ 2014-06-07 21:53 UTC (permalink / raw)
To: David Rientjes; +Cc: davem, jeffrey.t.kirsher, netdev, linux-kernel
On Sa, 2014-06-07 at 14:42 -0700, David Rientjes wrote:
> On Sat, 7 Jun 2014, Manuel Schölling wrote:
>
> > dns_query() credulously assumes that keys are null-terminated and
> > returns a copy of a memory block that is off by one.
>
> No sign-off? Please read Documentation/SubmittingPatches.
It's just not my day today.
Sorry, I forgot about the sign-off.
> > ---
> > net/dns_resolver/dns_query.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
> > index e7b6d53..84871a2 100644
> > --- a/net/dns_resolver/dns_query.c
> > +++ b/net/dns_resolver/dns_query.c
> > @@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, size_t namelen,
> > len = upayload->datalen;
> >
> > ret = -ENOMEM;
> > - *_result = kmalloc(len + 1, GFP_KERNEL);
> > + *_result = kzalloc(len + 1, GFP_KERNEL);
> > if (!*_result)
> > goto put;
> >
> > - memcpy(*_result, upayload->data, len + 1);
> > + memcpy(*_result, upayload->data, len);
> > if (_expiry)
> > *_expiry = rkey->expiry;
> >
>
> kzalloc() would be unnecessary overhead (zeroing definitely comes with a
> cost) if you're going to copy to the memory immediately afterwards. Just
> leave the kmalloc(), do the memcpy() and explicitly zero terminate it
> _result.
Using kzalloc() was suggested of a developer on IRC (#kernelnewbies) but
if you prefer kmalloc, that's ok, too.
I'll send you a corrected patch in a second.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v3] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 19:01 ` [PATCH v2] " Manuel Schölling
2014-06-07 21:42 ` David Rientjes
@ 2014-06-07 21:57 ` Manuel Schölling
2014-06-11 7:12 ` David Miller
1 sibling, 1 reply; 10+ messages in thread
From: Manuel Schölling @ 2014-06-07 21:57 UTC (permalink / raw)
To: davem; +Cc: jeffrey.t.kirsher, netdev, linux-kernel, Manuel Schölling
dns_query() credulously assumes that keys are null-terminated and
returns a copy of a memory block that is off by one.
Signed-off-by: Manuel Schölling <manuel.schoelling@gmx.de>
---
net/dns_resolver/dns_query.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index e7b6d53..6853d22 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
if (!*_result)
goto put;
- memcpy(*_result, upayload->data, len + 1);
+ memcpy(*_result, upayload->data, len);
+ *_result[len] = '\0';
+
if (_expiry)
*_expiry = rkey->expiry;
--
1.7.10.4
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v2] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 21:42 ` David Rientjes
2014-06-07 21:53 ` Manuel Schoelling
@ 2014-06-07 21:57 ` Sergei Shtylyov
1 sibling, 0 replies; 10+ messages in thread
From: Sergei Shtylyov @ 2014-06-07 21:57 UTC (permalink / raw)
To: Manuel Schölling
Cc: David Rientjes, davem, jeffrey.t.kirsher, netdev, linux-kernel
On 06/08/2014 01:42 AM, David Rientjes wrote:
>> dns_query() credulously assumes that keys are null-terminated and
>> returns a copy of a memory block that is off by one.
> No sign-off? Please read Documentation/SubmittingPatches.
>> ---
>> net/dns_resolver/dns_query.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
>> index e7b6d53..84871a2 100644
>> --- a/net/dns_resolver/dns_query.c
>> +++ b/net/dns_resolver/dns_query.c
>> @@ -145,11 +145,11 @@ int dns_query(const char *type, const char *name, size_t namelen,
>> len = upayload->datalen;
>>
>> ret = -ENOMEM;
>> - *_result = kmalloc(len + 1, GFP_KERNEL);
>> + *_result = kzalloc(len + 1, GFP_KERNEL);
>> if (!*_result)
>> goto put;
>>
>> - memcpy(*_result, upayload->data, len + 1);
>> + memcpy(*_result, upayload->data, len);
>> if (_expiry)
>> *_expiry = rkey->expiry;
> kzalloc() would be unnecessary overhead (zeroing definitely comes with a
> cost) if you're going to copy to the memory immediately afterwards. Just
> leave the kmalloc(), do the memcpy() and explicitly zero terminate it
> _result.
You can also replace kmalloc()/memcpy() with kmemdup().
WBR, Sergei
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v2] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 21:53 ` Manuel Schoelling
@ 2014-06-07 22:02 ` David Rientjes
0 siblings, 0 replies; 10+ messages in thread
From: David Rientjes @ 2014-06-07 22:02 UTC (permalink / raw)
To: Manuel Schoelling; +Cc: davem, jeffrey.t.kirsher, netdev, linux-kernel
On Sat, 7 Jun 2014, Manuel Schoelling wrote:
> > kzalloc() would be unnecessary overhead (zeroing definitely comes with a
> > cost) if you're going to copy to the memory immediately afterwards. Just
> > leave the kmalloc(), do the memcpy() and explicitly zero terminate it
> > _result.
>
> Using kzalloc() was suggested of a developer on IRC (#kernelnewbies) but
> if you prefer kmalloc, that's ok, too.
> I'll send you a corrected patch in a second.
>
Using kzalloc() here instead of kmalloc() is functionally equivalent to
if (*_result) {
memset(*_result, 0, len + 1);
memcpy(*_result, upayload->data, len);
}
so for anything with len > 1 there is an unnecessary overhead in doing
this. k?alloc() can return object sizes larger than len + 1 here as well
(usually power-of-2 sizes are supported by the slab allocator) so
depending on the value of len, you may be zeroing more memory than
copying.
Your first patch had the right idea, it's just off by one.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH v3] dns_resolver: assure that dns_query() result is null-terminated
2014-06-07 21:57 ` [PATCH v3] " Manuel Schölling
@ 2014-06-11 7:12 ` David Miller
0 siblings, 0 replies; 10+ messages in thread
From: David Miller @ 2014-06-11 7:12 UTC (permalink / raw)
To: manuel.schoelling; +Cc: jeffrey.t.kirsher, netdev, linux-kernel
From: Manuel Schölling <manuel.schoelling@gmx.de>
Date: Sat, 7 Jun 2014 23:57:25 +0200
> dns_query() credulously assumes that keys are null-terminated and
> returns a copy of a memory block that is off by one.
>
> Signed-off-by: Manuel Schölling <manuel.schoelling@gmx.de>
Applied, thanks.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2014-06-11 7:12 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-07 17:56 [PATCH] dns_resolver: assure that dns_query() result is null-terminated Manuel Schölling
2014-06-07 18:54 ` Trond Myklebust
2014-06-07 18:57 ` Manuel Schoelling
2014-06-07 19:01 ` [PATCH v2] " Manuel Schölling
2014-06-07 21:42 ` David Rientjes
2014-06-07 21:53 ` Manuel Schoelling
2014-06-07 22:02 ` David Rientjes
2014-06-07 21:57 ` Sergei Shtylyov
2014-06-07 21:57 ` [PATCH v3] " Manuel Schölling
2014-06-11 7:12 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.