| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 May 2016 15:41:06 +0200
From: Heiko Carstens <heiko.carstens@...ibm.com>
To: Muhammad Falak R Wani <falakreyaz@...il.com>
Cc: Martin Schwidefsky <schwidefsky@...ibm.com>,
Jan Kara <jack@...e.cz>, linux-s390@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] ks390/keyboard: use memdup_user_nul().
On Fri, May 20, 2016 at 06:51:20PM +0530, Muhammad Falak R Wani wrote:
> Use memdup_user_nul to duplicate a memory region from user-space
> to kernel-space and terminate with a NULL, instead of open coding
> using kmalloc + copy_from_user and explicitly NULL terminating.
>
> Signed-off-by: Muhammad Falak R Wani <falakreyaz@...il.com>
> ---
> drivers/s390/char/keyboard.c | 11 +++--------
> 1 file changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/s390/char/keyboard.c b/drivers/s390/char/keyboard.c
> index ef04a9f..f82a7dc 100644
> --- a/drivers/s390/char/keyboard.c
> +++ b/drivers/s390/char/keyboard.c
> @@ -438,18 +438,13 @@ do_kdgkb_ioctl(struct kbd_data *kbd, struct kbsentry __user *u_kbs,
> return -EFAULT;
> if (len > sizeof(u_kbs->kb_string))
> return -EINVAL;
> - p = kmalloc(len, GFP_KERNEL);
> - if (!p)
> - return -ENOMEM;
> - if (copy_from_user(p, u_kbs->kb_string, len)) {
> - kfree(p);
> - return -EFAULT;
> - }
> + p = memdup_user_nul(u_kbs->kb_string, len);
> + if (IS_ERR(p))
> + return PTR_ERR(p);
> /*
> * Make sure the string is terminated by 0. User could have
> * modified it between us running strnlen_user() and copying it.
> */
> - p[len - 1] = 0;
I removed the comment above as well and folded that into your patch.
Applied, thanks!
Powered by blists - more mailing lists