[nacked] kernel-sysctlc-avoid-overflow.patch removed from -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled
     Subject: kernel/sysctl.c: avoid overflow
has been removed from the -mm tree.  Its filename was
     kernel-sysctlc-avoid-overflow.patch

This patch was dropped because it was nacked

------------------------------------------------------
From: Heinrich Schuchardt <xypron.glpk@xxxxxx>
Subject: kernel/sysctl.c: avoid overflow

An undetected overflow may occur in do_proc_dointvec_minmax_conv_param.

Link: http://lkml.kernel.org/r/1465608788-4813-1-git-send-email-xypron.glpk@xxxxxx
Signed-off-by: Heinrich Schuchardt <xypron.glpk@xxxxxx>
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 kernel/sysctl.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff -puN kernel/sysctl.c~kernel-sysctlc-avoid-overflow kernel/sysctl.c
--- a/kernel/sysctl.c~kernel-sysctlc-avoid-overflow
+++ a/kernel/sysctl.c
@@ -2302,7 +2302,17 @@ static int do_proc_dointvec_minmax_conv(
 {
 	struct do_proc_dointvec_minmax_conv_param *param = data;
 	if (write) {
-		int val = *negp ? -*lvalp : *lvalp;
+		int val;
+
+		if (*negp) {
+			if (*lvalp > (unsigned long) INT_MAX + 1)
+				return -EINVAL;
+			val = -*lvalp;
+		} else {
+			if (*lvalp > (unsigned long) INT_MAX)
+				return -EINVAL;
+			val = *lvalp;
+		}
 		if ((param->min && *param->min > val) ||
 		    (param->max && *param->max < val))
 			return -EINVAL;
_

Patches currently in -mm which might be from xypron.glpk@xxxxxx are


--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux