| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1349742791.6336.11.camel@deadeye.wl.decadent.org.uk>
Date: Tue, 09 Oct 2012 01:33:11 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: Dave Jones <davej@...hat.com>
Cc: Linux Kernel <linux-kernel@...r.kernel.org>, linux-mm@...ck.org,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: mpol_to_str revisited.
On Mon, 2012-10-08 at 11:09 -0400, Dave Jones wrote:
> Last month I sent in 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a to remove
> a user triggerable BUG in mempolicy.
>
> Ben Hutchings pointed out to me that my change introduced a potential leak
> of stack contents to userspace, because none of the callers check the return value.
>
> This patch adds the missing return checking, and also clears the buffer beforehand.
>
> Reported-by: Ben Hutchings <bhutchings@...arflare.com>
I was wearing my other hat at the time (ben@...adent.org.uk).
> Cc: stable@...nel.org
> Signed-off-by: Dave Jones <davej@...hat.com>
>
> ---
> unanswered question: why are the buffer sizes here different ? which is correct?
[...]
Further question: why even use an intermediate buffer on the stack?
Both callers want to write the result to a seq_file. Should mpol_str()
then be replaced with a seq_mpol()?
Ben.
--
Ben Hutchings
Who are all these weirdos? - David Bowie, about L-Space IRC channel #afp
Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)
Powered by blists - more mailing lists