| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHGf_=ov5B6LTB+fXHAsVkw-qW7QrnJ1y-nEzWOxPK_KKm7hGQ@mail.gmail.com> Date: Thu, 22 Dec 2011 11:58:13 -0500 From: KOSAKI Motohiro <kosaki.motohiro@...il.com> To: Naotaka Hamaguchi <n.hamaguchi@...fujitsu.com> Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: [PATCH] mm: mmap system call does not return EOVERFLOW > To fix this bug, it is necessary to compare "off" plus "len" > with "off" by units of "off_t". The patch is here: > > Signed-off-by: Naotaka Hamaguchi <n.hamaguchi@...fujitsu.com> > --- > mm/mmap.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/mm/mmap.c b/mm/mmap.c > index eae90af..e74e736 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -948,6 +948,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, > vm_flags_t vm_flags; > int error; > unsigned long reqprot = prot; > + off_t off = pgoff << PAGE_SHIFT; > > /* > * Does the application expect PROT_READ to imply PROT_EXEC? > @@ -971,7 +972,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, > return -ENOMEM; > > /* offset overflow? */ > - if ((pgoff + (len >> PAGE_SHIFT)) < pgoff) > + if ((off + len) < off) > return -EOVERFLOW; Hmm... pgoff doesn't make actual overflow. do_mmap_pgoff() can calculate big value. We have no reason to make artificial limit. Why don't you meke a overflow check in sys_mmap()? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists