From 38584c14bbba02d8aedace335073b30e49de66a0 Mon Sep 17 00:00:00 2001 From: Jeff Moyer Date: Sat, 10 Feb 2007 01:46:10 -0800 Subject: [PATCH] raw: don't allow the creation of a raw device with minor number 0 Minor number 0 (under the raw major) is reserved for the rawctl device file, which is used to query, set, and unset raw device bindings. However, the ioctl interface does not protect the user from specifying a raw device with minor number 0: $ sudo ./raw /dev/raw/raw0 /dev/VolGroup00/swap /dev/raw/raw0: bound to major 253, minor 2 $ ls -l /dev/rawctl ls: /dev/rawctl: No such file or directory $ ls -l /dev/raw/raw0 crw------- 1 root root 162, 0 Jan 12 10:51 /dev/raw/raw0 $ sudo ./raw -qa Cannot open master raw device '/dev/rawctl' (No such file or directory) As you can see, this prevents any further raw operations from succeeding. The fix (from Steve Fernandez) is quite simple--do not allow the allocation of minor number 0. Signed-off-by: Jeff Moyer Cc: Steven Fernandez Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/char/raw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/raw.c b/drivers/char/raw.c index 645e20a06ece..1f0d7c60c944 100644 --- a/drivers/char/raw.c +++ b/drivers/char/raw.c @@ -154,7 +154,7 @@ static int raw_ctl_ioctl(struct inode *inode, struct file *filp, goto out; } - if (rq.raw_minor < 0 || rq.raw_minor >= MAX_RAW_MINORS) { + if (rq.raw_minor <= 0 || rq.raw_minor >= MAX_RAW_MINORS) { err = -EINVAL; goto out; } -- cgit v1.2.3