Re: drivers/s390/char/keyboard.c kernel stack infoleak

On 05.08.2017 03:57, sohu0106 wrote:
> My idea is 
> 
> struct kbdiacr {
>         unsigned char diacr, base, result;
> };
> 
> sizeof(struct kbdiacr)=4  
> 
> here we just set 3 bytes 
> case KDGKBDIACR:
> {
>         struct kbdiacrs __user *a = argp;
>         struct kbdiacr diacr;
>         int i;
> 
>         if (put_user(kbd->accent_table_size, &a->kb_cnt))
>                 return -EFAULT;
>         for (i = 0; i < kbd->accent_table_size; i++) {
>                 diacr.diacr = kbd->accent_table[i].diacr;
>                 diacr.base = kbd->accent_table[i].base;
>                 diacr.result = kbd->accent_table[i].result;
>                 if (copy_to_user(a->kbdiacr + i, &diacr, sizeof(struct kbdiacr)))
> Is there anything I haven't noticed?

Yes: sizeof(struct kbdiacr) is 3 here.

 Thomas
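
The following is an added example, not part of the thread and not kernel code: a userspace model of the pattern discussed above (assign each member of a stack object, then copy sizeof bytes out) that counts how many stale bytes such a copy would expose. struct padded_rec, the helper names and the 0xAA fill value are constructed for illustration, and the numbers depend on the ABI the program is compiled for.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct kbdiacr { unsigned char diacr, base, result; };        /* layout quoted in the thread */
struct padded_rec { unsigned char tag; unsigned int value; }; /* constructed contrast case */
struct field { size_t off, len; };
#define FIELD(type, m) { offsetof(type, m), sizeof(((type *)0)->m) }
#define STALE 0xAA  /* stands in for leftover stack contents */

/* Model a stack slot holding stale bytes, assign every member, then count
 * the stale bytes that a sizeof-length copy would still hand out. */
static size_t stale_bytes_copied(size_t total, const struct field *f,
                                 size_t n, int zero_first)
{
    unsigned char slot[64];
    size_t i, leaked = 0;
    if (total > sizeof(slot))
        return (size_t)-1;
    memset(slot, STALE, sizeof(slot));
    if (zero_first)
        memset(slot, 0, total);                  /* hardened: clear the whole object */
    for (i = 0; i < n; i++)
        memset(slot + f[i].off, 0x01, f[i].len); /* the member assignments */
    for (i = 0; i < total; i++)
        leaked += (slot[i] == STALE);            /* bytes no member ever wrote */
    return leaked;
}

size_t kbdiacr_leak(int zero_first)
{
    const struct field f[] = { FIELD(struct kbdiacr, diacr),
        FIELD(struct kbdiacr, base), FIELD(struct kbdiacr, result) };
    return stale_bytes_copied(sizeof(struct kbdiacr), f, 3, zero_first);
}

size_t padded_rec_leak(int zero_first)
{
    const struct field f[] = { FIELD(struct padded_rec, tag),
        FIELD(struct padded_rec, value) };
    return stale_bytes_copied(sizeof(struct padded_rec), f, 2, zero_first);
}

int main(void)
{
    printf("kbdiacr:    size %zu, stale %zu\n", sizeof(struct kbdiacr), kbdiacr_leak(0));
    printf("padded_rec: size %zu, stale %zu, zeroed first %zu\n",
           sizeof(struct padded_rec), padded_rec_leak(0), padded_rec_leak(1));
    return 0;
}
```

Running the same coverage check against a struct's real member list is a quick way to decide whether a sizeof-length copy needs the object cleared first.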