linux-hardened/drivers/w1
David Fries 347ba8a588 W1: w1_therm fix user buffer overflow and cat
Fixed data reading bug by replacing binary attribute with device one.

Switching the sysfs read from bin_attribute to device_attribute.  The data
is far under PAGE_SIZE so the binary interface isn't required.  As the
device_attribute interface will make one call to w1_therm_read per file
open and buffer, the result is, the following problems go away.

buffer overflow:
	Execute a short read on w1_slave and w1_therm_read_bin would still
	return the full string size worth of data clobbering the user space
	buffer when it returned.  Switching to device_attribute avoids the
	buffer overflow problems.  With the snprintf formatted output dealing
	with short reads without doing a conversion per read would have
	been difficult.
bad behavior:
	`cat w1_slave` would cause two temperature conversions to take place.
	Previously the code assumed W1_SLAVE_DATA_SIZE would be returned with
	each read.  It would not return 0 unless the offset was less
	than W1_SLAVE_DATA_SIZE.  The result was the first read did a
	temperature conversion, filled the buffer and returned, the
	offset in the second read would be less than
	W1_SLAVE_DATA_SIZE and also fill the buffer and return, the
	third read would finnally have a big enough offset to return 0
	and cause cat to stop.  Now w1_therm_read will be called at
	most once per open.

Signed-off-by: David Fries <david@fries.net>
Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-16 11:21:50 -07:00
..
masters W1: fix deadlocks and remove w1_control_thread 2008-10-16 11:21:49 -07:00
slaves W1: w1_therm fix user buffer overflow and cat 2008-10-16 11:21:50 -07:00
Kconfig Kbuild/doc: fix links to Documentation files 2007-10-30 14:26:30 -07:00
Makefile [PATCH] better CONFIG_W1_SLAVE_DS2433_CRC handling 2006-12-07 08:39:43 -08:00
w1.c W1: w1_slave_read_id read bug, use device_attribute 2008-10-16 11:21:50 -07:00
w1.h W1: w1_therm fix user buffer overflow and cat 2008-10-16 11:21:50 -07:00
w1_family.c W1: fix deadlocks and remove w1_control_thread 2008-10-16 11:21:49 -07:00
w1_family.h W1: fix deadlocks and remove w1_control_thread 2008-10-16 11:21:49 -07:00
w1_int.c W1: new module parameter search_count 2008-10-16 11:21:49 -07:00
w1_int.h [PATCH] w1: cleanups. 2005-06-21 21:43:09 -07:00
w1_io.c W1: feature, enable hardware strong pullup 2008-10-16 11:21:49 -07:00
w1_log.h drivers: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:53 -07:00
w1_netlink.c [PATCH] w1: Use mutexes instead of semaphores. 2006-06-22 11:22:50 -07:00
w1_netlink.h [PATCH] w1: Move w1-connector definitions into linux/include/connector.h 2006-06-22 11:22:50 -07:00