ia64: validate user arguments in csum_partial_copy_from_user
csum_partial_copy_from_user needs to validate that the argument points to
userspace and not kernelspace (see for example commit
3ddc5b46a8e90f3c9251338b60191d0a804b0d92). Consequently, we need to use
copy_from_user instead of __copy_from_user.
We also need to change csum_partial_copy_nocheck - this function is called
with src pointing to kernel space, so we call set_fs(KERNEL_DS) to prevent
copy_from_user from failing.
Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
---
arch/ia64/lib/csum_partial_copy.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
Index: linux-2.6-ia64/arch/ia64/lib/csum_partial_copy.c
===================================================================
--- linux-2.6-ia64.orig/arch/ia64/lib/csum_partial_copy.c 2014-01-24 02:40:10.000000000 +0100
+++ linux-2.6-ia64/arch/ia64/lib/csum_partial_copy.c 2014-01-24 03:05:26.000000000 +0100
@@ -116,8 +116,12 @@ csum_partial_copy_from_user(const void _
* scared.
*/
- if (__copy_from_user(dst, src, len) != 0 && errp)
- *errp = -EFAULT;
+ if (copy_from_user(dst, src, len) != 0) {
+ if (*errp)
+ *errp = -EFAULT;
+ memset(dst, 0, len);
+ return psum;
+ }
result = do_csum(dst, len);
@@ -133,8 +137,13 @@ EXPORT_SYMBOL(csum_partial_copy_from_use
__wsum
csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum)
{
- return csum_partial_copy_from_user((__force const void __user *)src,
- dst, len, sum, NULL);
+ __wsum checksum;
+ mm_segment_t oldfs = get_fs();
+ set_fs(KERNEL_DS);
+ checksum = csum_partial_copy_from_user((__force const void __user *)src,
+ dst, len, sum, NULL);
+ set_fs(oldfs);
+ return checksum;
}
EXPORT_SYMBOL(csum_partial_copy_nocheck);
--
To unsubscribe from this list: send the line "unsubscribe linux-ia64" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
|