| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.00.0908121522350.7135@chino.kir.corp.google.com> Date: Wed, 12 Aug 2009 15:24:09 -0700 (PDT) From: David Rientjes <rientjes@...gle.com> To: Vincent Li <macli@....ubc.ca> cc: linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCH] fs/proc/task_mmu.c: fix clear_refs_write() input sanity check On Wed, 12 Aug 2009, Vincent Li wrote: > diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c > index 2079969..026b532 100644 > --- a/fs/proc/task_mmu.c > +++ b/fs/proc/task_mmu.c > @@ -494,18 +494,17 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf, > char buffer[PROC_NUMBUF], *end; > struct mm_struct *mm; > struct vm_area_struct *vma; > - int type; > + long res; > What does `res' mean? Why can't it just be left as `type'? > memset(buffer, 0, sizeof(buffer)); > if (count > sizeof(buffer) - 1) > count = sizeof(buffer) - 1; > if (copy_from_user(buffer, buf, count)) > return -EFAULT; > - type = simple_strtol(buffer, &end, 0); > - if (type < CLEAR_REFS_ALL || type > CLEAR_REFS_MAPPED) > + if (strict_strtol(strstrip(buffer), 10, &res) > + return -EINVAL; Please test your patch submissions (which would require that the above actually compiles). -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists