| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2375c9f90911262230s254b677dke129758715a4a305@mail.gmail.com>
Date: Fri, 27 Nov 2009 14:30:24 +0800
From: Américo Wang <xiyou.wangcong@...il.com>
To: Alexey Dobriyan <adobriyan@...il.com>
Cc: jengelh@...ozas.de, linux-kernel@...r.kernel.org
Subject: Re: Programs die when max_map_count is too large
On Fri, Nov 27, 2009 at 12:48 AM, Alexey Dobriyan <adobriyan@...il.com> wrote:
>> IMO, the problem is 'sysctl_max_map_count' is actually signed int,
>> while when writing to it, the value is treated as unsigned.
>
> The problem is the loop in simple_strtoul(), some people were so afraid
> to touch so they even came up with strict_* variants.
>
>> A better fix which I could imagine is to fix sysctl to understand
>> signed int's.
>
> - int map_count;
> + unsigned int map_count;
>
> This is incomplete at least.
>
Yeah, perhaps.
I got a better fix, but only for max_map_count. Please check it below.
(Sorr for attatching it, gmail's IMAP sucks.)
----------------->
Make negative values for 'max_map_count' invalid, they are meaningless.
And avoid overflow.
I already tested this.
Signed-off-by: WANG Cong <xiyou.wangcong@...il.com>
-------
View attachment "kernel-sysctl-max-map-count-overflow.diff" of type "text/plain" (392 bytes)
Powered by blists - more mailing lists