| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19119.14970.129589.518079@cargo.ozlabs.ibm.com> Date: Tue, 15 Sep 2009 16:55:54 +1000 From: Paul Mackerras <paulus@...ba.org> To: Xiao Guangrong <xiaoguangrong@...fujitsu.com> Cc: Ingo Molnar <mingo@...e.hu>, Peter Zijlstra <peterz@...radead.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] perf_counter: fix buffer overflow in perf_copy_attr() Xiao Guangrong writes: > If we pass a big size data over perf_counter_open syscall, the kernel > will copy this data to a small buffer, It will cause kernel crash. > > This bug make kernel unsafe and no-root user can trigger it. > > Signed-off-by: Xiao Guangrong <xiaoguangrong@...fujitsu.com> > --- > kernel/perf_counter.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/kernel/perf_counter.c b/kernel/perf_counter.c > index 667ab25..75c46c0 100644 > --- a/kernel/perf_counter.c > +++ b/kernel/perf_counter.c > @@ -4216,6 +4216,7 @@ static int perf_copy_attr(struct perf_counter_attr __user *uattr, > if (val) > goto err_size; > } > + size = sizeof(*attr); Looks right to me. Acked-by: Paul Mackerras <paulus@...ba.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists