lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 27 Jun 2014 12:31:41 -0400
From:	Vivek Goyal <vgoyal@...hat.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org, kexec@...ts.infradead.org,
	ebiederm@...ssion.com, hpa@...or.com, mjg59@...f.ucam.org,
	greg@...ah.com, bp@...en8.de, dyoung@...hat.com,
	chaowang@...hat.com, bhe@...hat.com
Subject: Re: [PATCH 09/15] kexec: Implementation of new syscall
 kexec_file_load

On Thu, Jun 26, 2014 at 01:58:26PM -0700, Andrew Morton wrote:

[..]
> > +	while (pos < stat.size) {
> > +		bytes = kernel_read(f.file, pos, (char *)(*buf) + pos,
> > +				    stat.size - pos);
> > +		if (bytes < 0) {
> > +			vfree(*buf);
> > +			ret = bytes;
> > +			goto out;
> > +		}
> > +
> > +		if (bytes == 0)
> > +			break;
> 
> Here we can get a short read: (pos < stat.size).  Seems to me that it
> is risky to return this result to the caller as if all is well.

Hi Andrew,

That's a good point. Please find attached the patch which fixes both
the issues.

Thanks
Vivek



Subject: kexec: Return error if file bytes are less then file size 

If number of bytes read from file are not same as file size, return error.

Signed-off-by: Vivek Goyal <vgoyal@...hat.com>
---
 kernel/kexec.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Index: linux-2.6/kernel/kexec.c
===================================================================
--- linux-2.6.orig/kernel/kexec.c	2014-06-27 09:55:41.826755422 -0400
+++ linux-2.6/kernel/kexec.c	2014-06-27 10:04:23.409024171 -0400
@@ -343,7 +343,7 @@ out_free_image:
 static int copy_file_from_fd(int fd, void **buf, unsigned long *buf_len)
 {
 	struct fd f = fdget(fd);
-	int ret = 0;
+	int ret;
 	struct kstat stat;
 	loff_t pos;
 	ssize_t bytes = 0;
@@ -387,6 +387,12 @@ static int copy_file_from_fd(int fd, voi
 		pos += bytes;
 	}
 
+	if (pos != stat.size) {
+		ret = -EBADF;
+		vfree(*buf);
+		goto out;
+	}
+
 	*buf_len = pos;
 out:
 	fdput(f);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ