From ac3cb3e487a980ccade6650b85ce845e875af91b Mon Sep 17 00:00:00 2001 From: Jeff Moyer Date: Sun, 20 Jan 2008 21:31:32 +0200 Subject: raw: don't allow the creation of a raw device with minor number 0 Minor number 0 (under the raw major) is reserved for the rawctl device file, which is used to query, set, and unset raw device bindings. However, the ioctl interface does not protect the user from specifying a raw device with minor number 0: $ sudo ./raw /dev/raw/raw0 /dev/VolGroup00/swap /dev/raw/raw0: bound to major 253, minor 2 $ ls -l /dev/rawctl ls: /dev/rawctl: No such file or directory $ ls -l /dev/raw/raw0 crw------- 1 root root 162, 0 Jan 12 10:51 /dev/raw/raw0 $ sudo ./raw -qa Cannot open master raw device '/dev/rawctl' (No such file or directory) As you can see, this prevents any further raw operations from succeeding. The fix (from Steve Fernandez) is quite simple - do not allow the allocation of minor number 0. Signed-off-by: Jeff Moyer Signed-off-by: Adrian Bunk --- drivers/char/raw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/raw.c b/drivers/char/raw.c index 30e4cbe16bb..aa26e635c38 100644 --- a/drivers/char/raw.c +++ b/drivers/char/raw.c @@ -154,7 +154,7 @@ static int raw_ctl_ioctl(struct inode *inode, struct file *filp, goto out; } - if (rq.raw_minor < 0 || rq.raw_minor >= MAX_RAW_MINORS) { + if (rq.raw_minor <= 0 || rq.raw_minor >= MAX_RAW_MINORS) { err = -EINVAL; goto out; } -- cgit v1.2.3-18-g5258