| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200911051847.36103.mb@bu3sch.de>
Date: Thu, 5 Nov 2009 18:47:33 +0100
From: Michael Buesch <mb@...sch.de>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Jiri Kosina <jkosina@...e.cz>,
Michael Gilbert <michael.s.gilbert@...il.com>,
Jack Steiner <steiner@....com>, linux-kernel@...r.kernel.org,
stable@...nel.org
Subject: Re: CVE-2009-2584
On Thursday 05 November 2009 18:38:21 Linus Torvalds wrote:
> @@ -161,14 +161,15 @@ static int options_show(struct seq_file *s, void *p)
> static ssize_t options_write(struct file *file, const char __user *userbuf,
> size_t count, loff_t *data)
> {
> - unsigned long val;
> - char buf[80];
> + char buf[16];
>
> - if (strncpy_from_user(buf, userbuf, sizeof(buf) - 1) < 0)
> + if (count >= sizeof(buf))
> + return -EINVAL;
> + if (copy_from_user(buf, userbuf, count))
> return -EFAULT;
> - buf[count - 1] = '\0';
> - if (!strict_strtoul(buf, 10, &val))
> - gru_options = val;
> + buf[count] = '\0';
> + if (strict_strtoul(buf, 0, &gru_options))
> + return -EINVAL;
>
> return count;
> }
>
>
Looks OK to me. I can't test it however, as I don't own the hardware.
--
Greetings, Michael.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists