Re: [PATCH] KEYS: return full count in keyring_read() if buffer is too small


 



On Thu, 26 Oct 2017, Eric Biggers wrote:

> From: Eric Biggers <ebiggers@xxxxxxxxxx>
> 
> Commit e645016abc80 ("KEYS: fix writing past end of user-supplied buffer
> in keyring_read()") made keyring_read() stop corrupting userspace memory
> when the user-supplied buffer is too small.  However it also made the
> return value in that case be the short buffer size rather than the size
> required, yet keyctl_read() is actually documented to return the size
> required.  Therefore, switch it over to the documented behavior.
> 
> Note that for now we continue to have it fill the short buffer, since it
> did that before (pre-v3.13) and dump_key_tree_aux() in keyutils arguably
> relies on it.
> 
> Fixes: e645016abc80 ("KEYS: fix writing past end of user-supplied buffer in keyring_read()")
> Reported-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx> # v3.13+
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>


Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx>

-- 
James Morris
<james.l.morris@xxxxxxxxxx>
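
An added illustration, not part of this message or of the kernel patch: a userspace C model of the return-value contract described in the quoted commit message (fill the short buffer, return the size required), with the grow-and-retry pattern a caller would use. `model_keyring_read`, `read_all_ids` and the key IDs are constructed for this example; no real keyctl call is made.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef int32_t key_serial_t;
/* Constructed stand-in for a keyring's contents; not real key IDs. */
static const key_serial_t model_keys[] = { 101, 102, 103, 104, 105 };

/* Model of the contract: copy the whole IDs that fit, never write past
 * buflen, and return the size required even when the buffer is short. */
static long model_keyring_read(key_serial_t *buf, size_t buflen)
{
    size_t need = sizeof(model_keys);
    if (buf && buflen) {
        size_t n = (buflen < need ? buflen : need) / sizeof(key_serial_t);
        memcpy(buf, model_keys, n * sizeof(key_serial_t));
    }
    return (long)need;
}

/* Caller: a return value above buflen means truncation, so grow and retry.
 * Returns the number of IDs in the malloc'd *out, or -1 on failure. */
static long read_all_ids(key_serial_t **out)
{
    size_t buflen = 2 * sizeof(key_serial_t); /* deliberately too small */
    key_serial_t *buf = NULL;
    for (;;) { /* loop: a real keyring can change between calls */
        key_serial_t *tmp = realloc(buf, buflen);
        if (!tmp) { free(buf); return -1; }
        buf = tmp;
        long ret = model_keyring_read(buf, buflen);
        if (ret < 0) { free(buf); return -1; }
        if ((size_t)ret <= buflen) {
            *out = buf;
            return ret / (long)sizeof(key_serial_t);
        }
        buflen = (size_t)ret;
    }
}

int main(void)
{
    key_serial_t *ids = NULL;
    long n = read_all_ids(&ids);
    printf("read %ld key IDs\n", n);
    free(ids);
    return n < 0;
}
```

A caller that instead treats the return value as the number of bytes written would, under this contract, read past the data actually placed in a short buffer.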



