mirror of https://github.com/mkerrisk/man-pages
108e40cccb

The BLKRASET/BLKRAGET ioctls() take unsigned long. If I pass int * to the BLKRAGET ioctl on x86_64 (or on any other arch where sizeof(int) != sizeof(long)), the BLKRAGET ioctl will rewrite four bytes on the stack.

If you look at block/ioctl.c in the kernel sources, you can clearly see that the BLKRAGET ioctl calls put_long().

Compile the following reproducer and run it as ./a.out /dev/sda; you can see that the second member of the array will be zeroed. If you change the array to have only one member, you will see a stack smashing trace.

I also wonder if it's OK to pass an int value to ioctl() at all; the arg value seems to be unsigned long in the syscall definition in fs/ioctl.c and there does not seem to be any glibc magic around the syscall.

-------------------------8<----------------------------

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <linux/fs.h>   /* BLKRAGET */

static int fd;

int main(int argc, char *argv[])
{
	/* Deliberately the wrong type: BLKRAGET stores a long through this pointer. */
	int ra[] = {100, 100};

	fd = open(argv[1], O_RDONLY);
	if (fd < 0) {
		perror("open");
		return 1;
	}

	ioctl(fd, BLKRAGET, ra);

	/* Where sizeof(long) > sizeof(int), ra[1] is overwritten as well. */
	fprintf(stderr, "%i %i\n", ra[0], ra[1]);

	return 0;
}
```

-------------------------8<----------------------------

Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
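The size mismatch described in the commit message above can be seen without a block device. The following is an added example, not code from the commit or from the man-pages project: `model_put_long()` is a hypothetical user-space stand-in for the kernel's put_long(), `get_readahead()` is an illustrative wrapper name, and 256 is a constructed sample value.

```c
#include <fcntl.h>
#include <linux/fs.h>   /* BLKRAGET */
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Hypothetical stand-in for the kernel's put_long(): it always stores
 * sizeof(long) bytes at the pointer, whatever type the caller declared. */
static void model_put_long(void *uptr, long val)
{
    memcpy(uptr, &val, sizeof(val));
}

/* The reproducer's buffer: returns 1 if the store spilled into ra[1].
 * Assumes sizeof(long) <= 2 * sizeof(int), which holds on Linux ABIs. */
int int_buffer_clobbered(void)
{
    int ra[2] = {100, 100};
    model_put_long(ra, 256);            /* constructed sample value */
    return ra[1] != 100;
}

/* Correctly sized buffer: returns 1 if the value arrived and the guard survived. */
int long_buffer_intact(void)
{
    struct { unsigned long ra; int guard; } s = { 0, 100 };
    model_put_long(&s.ra, 256);
    return s.ra == 256 && s.guard == 100;
}

/* Real call with the matching type; returns 0 on success, -1 on error. */
int get_readahead(const char *dev, unsigned long *ra)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0) return -1;
    int rc = ioctl(fd, BLKRAGET, ra);
    close(fd);
    return rc;
}

int main(int argc, char *argv[])
{
    unsigned long ra;
    printf("int[2] clobbered: %d, long intact: %d\n", int_buffer_clobbered(), long_buffer_intact());
    if (argc > 1 && get_readahead(argv[1], &ra) == 0)
        printf("%s readahead: %lu\n", argv[1], ra);
    return 0;
}
```

On ABIs where sizeof(int) == sizeof(long), the first check reports no overwrite, which matches the condition stated in the commit message.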
| Name |
|---|
| man1 |
| man2 |
| man3 |
| man4 |
| man5 |
| man6 |
| man7 |
| man8 |
| scripts |
| Changes |
| Changes.old |
| Makefile |
| README |
| man-pages-4.11.Announce |
| man-pages-4.11.lsm |
README
This package contains Linux man pages for sections 2, 3, 4, 5, and 7. Some more information is given in the `Announce' file.

Install by copying to your favourite location. "make install" will just copy them to /usr/share/man/man[1-8]. To install to a path different from /usr use "make install prefix=/install/path".

"make" will move the pages from this package that are older than the already installed ones to a subdirectory `not_installed', then remove old versions (compressed or not), compress the pages, and copy them to /usr/share/man/man[1-8]. Note that you may have to remove preformatted pages.

Note that sometimes these pages are duplicates of pages also distributed in other packages. This has been reported about dlclose.3, dlerror.3, dlopen.3, dlsym.3 (found in ld.so), about resolver.3, resolv.conf.5 (found in bind-utils), and about passwd.5, and mailaddr.7. Be careful not to overwrite more up-to-date versions. Reports on further duplicates are welcome.

Formerly present and now removed duplicates: exports.5 (found in nfs-server-2.2*), fstab.5, nfs.5 (found in util-linux-2.12*), lilo.8, lilo.conf.5 (found in lilo-21.6*).

Copyrights: These man pages come under various copyrights. All pages are freely distributable when the nroff source is included.

If you have corrections and additions to suggest, see http://www.kernel.org/doc/man-pages/contributing.html