Re: [darwin-kernel] devfs_make_node mutilates pathname on Leopard?
Re: [darwin-kernel] devfs_make_node mutilates pathname on Leopard?
- Subject: Re: [darwin-kernel] devfs_make_node mutilates pathname on Leopard?
- From: Nick Blievers <email@hidden>
- Date: Thu, 13 Dec 2007 09:08:50 +0800
Specifically, creation of subdirectories in /dev is not officially
supported, don't do that.
The change of function precludes kernel buffer overflow based crashes
for some device drivers using name information supplied from user
space. Even with the "off by one" introduced in the changeover, the
buffet overrun is avoided, which is a good thing for kernel stability.
In general, device node length is constrained overall to a value
"reasonable" for a single path component, which means the more /'s you
used, the shorter the name allowed for the eventual device anyway. I
think the overall limit is something like 32 characters; if that's not
exactly correct, whatever it is is a heck of a lot smaller than
PATH_MAX at 1024 bytes.
-- Terry
From what I remember the limit discussed was 32, however looking at the code it appears the limit is DEVMAXPATHSIZE (128) for the full path and DEVMAXNAMESIZE (32) for each element. Also I believe this limit existed pre-Leopard, just wasn't enforced, and hence buffer-overrun's where possible.
So currently our solution is to test the kernel version and add a bogus character to the path element in out devfs_make_node() call... this is the only way to do it without using functions that are not exported.
Hope this helps,
Nick
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden