| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1361845307-12737-2-git-send-email-peter@hurleysoftware.com> Date: Mon, 25 Feb 2013 21:21:38 -0500 From: Peter Hurley <peter@...leysoftware.com> To: Stanislav Kinsbursky <skinsbursky@...allels.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, Dave Jones <davej@...hat.com>, Peter Hurley <peter@...leysoftware.com> Subject: [PATCH 01/10] ipc: Fix potential oops when src msg > 4k w/ MSG_COPY If the src msg is > 4k, then dest->next points to the next allocated segment; resetting it just prior to dereferencing is bad. Signed-off-by: Peter Hurley <peter@...leysoftware.com> --- ipc/msgutil.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/ipc/msgutil.c b/ipc/msgutil.c index ebfcbfa..5df8e4b 100644 --- a/ipc/msgutil.c +++ b/ipc/msgutil.c @@ -117,9 +117,6 @@ struct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst) if (alen > DATALEN_MSG) alen = DATALEN_MSG; - dst->next = NULL; - dst->security = NULL; - memcpy(dst + 1, src + 1, alen); len -= alen; -- 1.8.1.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists