+ kernel-sysctlc-add-missing-range-check-in-do_proc_dointvec_minmax_conv.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled
     Subject: kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
has been added to the -mm tree.  Its filename is
     kernel-sysctlc-add-missing-range-check-in-do_proc_dointvec_minmax_conv.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kernel-sysctlc-add-missing-range-check-in-do_proc_dointvec_minmax_conv.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kernel-sysctlc-add-missing-range-check-in-do_proc_dointvec_minmax_conv.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Zev Weiss <zev@xxxxxxxxxxxxxxxxx>
Subject: kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv

This bug has apparently existed since the introduction of this function in
the pre-git era (4500e91754d3 in Thomas Gleixner's history.git, "[NET]:
Add proc_dointvec_userhz_jiffies, use it for proper handling of neighbour
sysctls.").  As a minimal fix we can simply duplicate the corresponding
check in do_proc_dointvec_conv().

Link: http://lkml.kernel.org/r/20190207123426.9202-3-zev@xxxxxxxxxxxxxxxxx
Signed-off-by: Zev Weiss <zev@xxxxxxxxxxxxxxxxx>
Cc: Brendan Higgins <brendanhiggins@xxxxxxxxxx>
Cc: Iurii Zaikin <yzaikin@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Luis Chamberlain <mcgrof@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>	[2.6.2+]
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---


--- a/kernel/sysctl.c~kernel-sysctlc-add-missing-range-check-in-do_proc_dointvec_minmax_conv
+++ a/kernel/sysctl.c
@@ -2579,7 +2579,16 @@ static int do_proc_dointvec_minmax_conv(
 {
 	struct do_proc_dointvec_minmax_conv_param *param = data;
 	if (write) {
-		int val = *negp ? -*lvalp : *lvalp;
+		int val;
+		if (*negp) {
+			if (*lvalp > (unsigned long) INT_MAX + 1)
+				return -EINVAL;
+			val = -*lvalp;
+		} else {
+			if (*lvalp > (unsigned long) INT_MAX)
+				return -EINVAL;
+			val = *lvalp;
+		}
 		if ((param->min && *param->min > val) ||
 		    (param->max && *param->max < val))
 			return -EINVAL;
_

Patches currently in -mm which might be from zev@xxxxxxxxxxxxxxxxx are

test_sysctl-add-tests-for-32-bit-values-written-to-32-bit-integers.patch
kernel-sysctlc-add-missing-range-check-in-do_proc_dointvec_minmax_conv.patch
kernel-sysctlc-define-minmax-conv-functions-in-terms-of-non-minmax-versions.patch




[Index of Archives]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux