Re: [PATCH 16/36] tty/vt: consolemap: check put_user() in con_get_unimap()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07. 06. 22, 16:19, Ilpo Järvinen wrote:
On Tue, 7 Jun 2022, Jiri Slaby wrote:

Only the return value of copy_to_user() is checked in con_get_unimap().
Do the same for put_user() of the count too.

Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
---
  drivers/tty/vt/consolemap.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index 831450f2bfd1..92b5dddb00d9 100644
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -813,7 +813,8 @@ int con_get_unimap(struct vc_data *vc, ushort ct, ushort __user *uct,
  	console_unlock();
  	if (copy_to_user(list, unilist, min(ect, ct) * sizeof(*unilist)))
  		ret = -EFAULT;
-	put_user(ect, uct);
+	if (put_user(ect, uct))
+		ret = -EFAULT;
  	kvfree(unilist);
  	return ret ? ret : (ect <= ct) ? 0 : -ENOMEM;
  }


Doesn't this fix something?

If you mean a Fixes tag, this is pre-git.

If you mean a bug, well, likely yes, users now get informed. But I don't think anyone cares ;). But who knows, maybe we will start seeing userspace failures now (as they might not provide writable count field -- unlikely). That's one of the reasons why I did this as a separate commit. Let's see if are going to revert this or not...

thanks,
--
js
suse labs



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux PPP]     [Linux FS]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Linmodem]     [Device Mapper]     [Linux Kernel for ARM]

  Powered by Linux