On Mon, 2012-11-26 at 14:24 +0000, Markos Chandras wrote:
> +int __libc_statfs(const char *path, struct statfs *buf)
> +{
> + struct statfs64 b;
> + int err;
> +
> + /*
> + * See if pointer has a sane value.
> + * This does not prevent the user from
> + * passing an arbitrary possitive value
> + * that can lead to a segfault or potential
> + * security problems
> + */
> +
> + if (buf == NULL || (int)buf < 0) {
> + __set_errno(EFAULT);
> + return -1;
> + }
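Review bot: the `(int)buf < 0` test in the pointer check is not a usable validity test and should be dropped. Casting a pointer to `int` is implementation-defined and loses the upper bits on any target where pointers are wider than `int`, and the sign of the result says nothing about whether the address is mapped; the comment above it already concedes that a bad positive value passes straight through, so the check gives no security guarantee while rejecting buffers that may be perfectly valid. If an early check is wanted at all, keep only `buf == NULL`, and fix the "possitive" typo in the comment or remove the comment along with the test.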
This seems wrong. Doesn't the kernel already validate addresses passed
in from userspace? Even in the no-MMU case, some architectures add
basic checking for user addresses.
In any case, the "(int)buf < 0" is clearly non-portable. C6X can have
perfectly good addresses which make negative ints.
--Mark
_______________________________________________
uClibc mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/uclibc