linux-kernel - [patch] nfsd: don't allow zero length strings in cache

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20120118095601.GE3356@mwanda>
Date:	Wed, 18 Jan 2012 12:56:02 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	"J. Bruce Fields" <bfields@...ldses.org>
Cc:	Sasha Levin <levinsasha928@...il.com>,
	linux-kernel@...r.kernel.org, Neil Brown <neilb@...e.de>,
	linux-nfs@...r.kernel.org
Subject: [patch] nfsd: don't allow zero length strings in cache_parse()

There is no point in passing a zero length string here and quite a
few of that cache_parse() implementations will Oops if count is
zero.

Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>

diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
index 465df9a..8c6598e 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -828,6 +828,8 @@ static ssize_t cache_do_downcall(char *kaddr, const char __user *buf,
 {
 	ssize_t ret;
 
+	if (count == 0)
+		return -EINVAL;
 	if (copy_from_user(kaddr, buf, count))
 		return -EFAULT;
 	kaddr[count] = '\0';

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)