On Sat, 26 Mar 2005, Arjan van de Ven wrote:
> On Fri, 2005-03-25 at 23:54 +0100, Arnd Bergmann wrote:
> > On Freedag 25 März 2005 20:14, Arjan van de Ven wrote:
> >
> > > the randomisation patches came in a series of 8 patches (where several
> > > were general infrastructure); could you try to di
On Sat, 26 Mar 2005, Arjan van de Ven wrote:
> looking at the dosemu code; the following bit looks a tad suspect:
>
> unsigned long int stk_ptr, stk_beg, stk_end;
> ...
> if ((fp = fopen("/proc/self/maps", "r"))) {
> while(fgets(line, 100, fp)) {
> sscanf(line, "%lx-%lx", &stk_beg, &stk
On Sat, 26 Mar 2005, Arjan van de Ven wrote:
>
> > There is one more improbable thing I can think of: comcom. This is
> > dosemu's built-in command.com and uses some very tricky code
> > (coopthreads), which certainly does not work any more with address space
> > randomization. It's deprecated but
extra put_user checks.
The problems:
* d_ino/d_off are undefined for de[0]. Random values from the kernel stack
are copied here into user space.
* d_name, for both de[0] and de[1], is not zero terminated.
* if the long filename in de[1] is empty, d_ino/d_off are also undefined
for de[1].
Sign
. Random values from the kernel stack
are copied from here into user space.
* d_name, for both de[0] and de[1], is not zero terminated.
* if the long filename in de[1] is empty, d_ino/d_off are also undefined
for de[1].
Signed-off-by: Bart Oldeman <[EMAIL PROTECTED]>
testcase:
#includ
k?
There is one problem:
- ret = __fat_readdir(inode, filp, &buf, fat_ioctl_filldir,
+ ret = __fat_readdir(inode, filp, &buf, filldir,
With that change it works and this solution looks cleaner than my
patch.
Signed-off-by: Bart Oldeman <[EMAIL PROTECTED]>
Signed-of