Date:	Wed, 4 Feb 2009 00:40:22 -0800
From:	Shakesh Jain <shjain@...mai.com>, ShakeshJain@...mai.com
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Jason Uhlenkott <juhlenko@...mai.com>
Subject: [PATCH] sysctl: min-max range check is broken

do_proc_dointvec_minmax_conv() which gets called from
proc_dointvec_minmax proc_handler doesn't increment the pointer to
the 'min' (extra1) and 'max' (extra2) after each range check which
results in doing the check against the same set of min and max values.

This breaks the range checking for those sysctl's where you can
write multiple values to /proc with each variable having its own range
specification.

It seems to be implemented for the sysctl() system call strategy in
sysctl_intvec() where min and max are treated as arrays.

Signed-off-by: Shakesh Jain <shjain@...mai.com>
---
 kernel/sysctl.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
========================================================================
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 368d163..50bffcd 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2377,8 +2377,8 @@ static int do_proc_dointvec_minmax_conv(int *negp, unsigned long *lvalp,
 	struct do_proc_dointvec_minmax_conv_param *param = data;
 	if (write) {
 		int val = *negp ? -*lvalp : *lvalp;
-		if ((param->min && *param->min > val) ||
-		    (param->max && *param->max < val))
+		if ((param->min && *(param->min++) > val) ||
+		    (param->max && *(param->max++) < val))
 			return -EINVAL;
 		*valp = val;
 	} else {
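
Review bot: The post-increments inside the condition, `*(param->min++) > val` and `*(param->max++) < val`, advance the bounds pointers once per value written with no limit, so extra1 and extra2 must now point to arrays with at least as many entries as the vector being written. If any existing table entry points them at a single int while accepting more than one value, the second and later values would be compared against whatever memory follows that int. The changelog should state this new requirement, and the multi-value users of proc_dointvec_minmax should be audited before this goes in. A smaller point: because of the `||` short-circuit, max is not advanced when the min check fails. That is harmless here since the function returns -EINVAL, but moving both increments out of the condition into separate statements after the comparison would make the stepping explicit and easier to read.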