| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Mar 2016 11:17:23 +0800 From: Jiang Lu <lu.jiang@...driver.com> To: <gregkh@...uxfoundation.org>, <linux-kernel@...r.kernel.org>, <linux-serial@...r.kernel.org> Subject: [v2] serial_core:recognize invalid pointer from userspace compat_ioctl use 0xffffffff as a magic number to mark invalid pointer for iomem_base in serial_struct when truncating a 64bit pointer into 32bit. Serial driver need recognize this invalid pointer when parsing serial_struct from userspace. Signed-off-by: Jiang Lu <lu.jiang@...driver.com> --- drivers/tty/serial/serial_core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index a5d545e..d293536 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -745,6 +745,9 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port, * allocations, we should treat type changes the same as * IO port changes. */ + if ((unsigned long)new_info->iomem_base == 0xffffffff) + new_info->iomem_base = (void *)(unsigned long)uport->mapbase; + change_port = !(uport->flags & UPF_FIXED_PORT) && (new_port != uport->iobase || (unsigned long)new_info->iomem_base != uport->mapbase || -- 1.9.1
Powered by blists - more mailing lists