| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 07 Jul 2018 13:29:41 +1000
From: NeilBrown <neilb@...e.com>
To: Jann Horn <jannh@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Al Viro <viro@...iv.linux.org.uk>,
Kees Cook <keescook@...omium.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
linux-doc@...r.kernel.org,
kernel list <linux-kernel@...r.kernel.org>,
linux-fsdevel@...r.kernel.org, Jonathan Corbet <corbet@....net>
Subject: [PATCH mm] VFS: seq_file: ensure ->from is valid.
Previous patch ("VFS: simplify seq_file iteration code and interface")
removed code to set ->from to zero when ->count is zero, as ->from is
dead at that time. However it didn't ensure ->from was set properly
whenever ->count becomes non-zero.
This can only happen when ->show() is called. Of the three places it
is called one already has ->from set to zero. The other two are
fixed by setting from to zero after fully flushing the buffer (at which
point ->count will also be zero).
Reported-by: Jann Horn <jannh@...gle.com>
Signed-off-by: NeilBrown <neilb@...e.com>
---
fs/seq_file.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/seq_file.c b/fs/seq_file.c
index fd82585ab50f..1dea7a8a5255 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -220,6 +220,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
goto Done;
}
/* we need at least one record in buffer */
+ m->from = 0;
p = m->op->start(m, &m->index);
while (1) {
err = PTR_ERR(p);
--
2.14.0.rc0.dirty
Download attachment "signature.asc" of type "application/pgp-signature" (833 bytes)
Powered by blists - more mailing lists