On 02/27/2013 03:33 PM, David Miller wrote:
From: Guenter Roeck <linux@xxxxxxxxxxxx>
Date: Wed, 27 Feb 2013 11:43:51 -0800
Building sctp may fail with:
In function ʽcopy_from_userʼ,
inlined from ʽsctp_getsockopt_assoc_statsʼ at
net/sctp/socket.c:5656:20:
arch/x86/include/asm/uaccess_32.h:211:26: error: call to
ʽcopy_from_user_overflowʼ declared with attribute error: copy_from_user()
buffer size is not provably correct
if built with W=1 due to a missing parameter size validation.
Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
This change is correct, but please fix this by simply moving the:
/* Allow the struct to grow and fill in as much as possible */
len = min_t(size_t, len, sizeof(sas));
line higher up in the function.
And I also prefer this because:
something testing sizeof(foo);
if (copy_from_user(..., ..., sizeof(foo)))
must easier to audit and validate, especially in patch form.
Otherwise I have to bring the code into an editor and read the whole
function just to make sure you got the type correct.
Right. In this particular case, we are after a very small portion of
user data (just the association id) and copying the entire structure is
rather pointless.
A nicer solution here would be to do this:
if (copy_from_user(&sas, optval, sizeof(sctp_assoc_t))
We are already guaranteed that much space and we make sure that we don't
overwrite the kernel stack.
-vlad
--
To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
