The patch titled sysctl: fix min/max handling in __do_proc_doulongvec_minmax() has been added to the -mm tree. Its filename is sysctl-fix-min-max-handling-in-__do_proc_doulongvec_minmax.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: sysctl: fix min/max handling in __do_proc_doulongvec_minmax() From: Eric Dumazet <eric.dumazet@xxxxxxxxx> When proc_doulongvec_minmax() is used with an array of longs, and no min/max check requested (.extra1 or .extra2 being NULL), we dereference a NULL pointer for the second element of the array. Noticed while doing some changes in network stack for the "16TB problem" Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- kernel/sysctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN kernel/sysctl.c~sysctl-fix-min-max-handling-in-__do_proc_doulongvec_minmax kernel/sysctl.c --- a/kernel/sysctl.c~sysctl-fix-min-max-handling-in-__do_proc_doulongvec_minmax +++ a/kernel/sysctl.c 
@@ -2500,7 +2500,8 @@ static int __do_proc_doulongvec_minmax(v break; if (neg) continue; - if ((min && val < *min) || (max && val > *max)) + if ((table->extra1 && val < *min) || + (table->extra2 && val > *max)) continue; *i = val; } else { _ Patches currently in -mm which might be from eric.dumazet@xxxxxxxxx are origin.patch sysctl-fix-min-max-handling-in-__do_proc_doulongvec_minmax.patch linux-next.patch signals-annotate-lock_task_sighand.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
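Review bot: The new test `if ((table->extra1 && val < *min) ||` / `(table->extra2 && val > *max))` carries no comment saying why it checks table->extra1 and table->extra2 rather than the local min and max, and the two forms look interchangeable, so a later cleanup could quietly restore `min && val < *min`. The changelog says the fault appears only on the second array element, which implies min and max stop being NULL once they are advanced past the first element even when .extra1 or .extra2 is NULL; a one-line comment above the test stating that would protect the fix. It would also help for the changelog to say that the pointer being dereferenced is the advanced one rather than NULL itself, and to confirm that callers which do set .extra1 or .extra2 supply one bound per array element, because `*min` and `*max` are still read for every element in that case.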