Date:	Sun, 29 Mar 2015 21:28:26 +0200
From:	Heinrich Schuchardt <xypron.glpk@....de>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Michal Nazarewicz <mina86@...a86.com>,
	Ingo Molnar <mingo@...nel.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Joe Perches <joe@...ches.com>, Josh Hunt <johunt@...mai.com>,
	Rasmus Villemoes <linux@...musvillemoes.dk>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Daniel Walter <dwalter@...gle.com>,
	David Rientjes <rientjes@...gle.com>,
	Kees Cook <keescook@...omium.org>,
	"David S. Miller" <davem@...emloft.net>,
	Johannes Weiner <hannes@...xchg.org>,
	Aaron Tomlin <atomlin@...hat.com>,
	Prarit Bhargava <prarit@...hat.com>,
	Eric B Munson <emunson@...mai.com>,
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
	Sam Ravnborg <sam@...nborg.org>, linux-kernel@...r.kernel.org,
	Heinrich Schuchardt <xypron.glpk@....de>
Subject: [PATCH 0/3] sysctl: detect overflows when setting integers

This patch series addresses undetected overflows when writing to the
sysctl file system.

E.g.
echo 0x800001234 > /proc/sys/kernel/threads-max
has the same effect as
echo 0x1234 > /proc/sys/kernel/threads-max

The first type of overflow occurs when converting from string to unsigned long.
The second type of overflow occurs when converting from unsigned long to int.

The first patch provides new functions kstrtoul_e and kstrtoull_e that can be
used to replace deprecated simple_strtoul and simple_strtoull.

The second patch replaces a call to simple_strtoul by kstrtoul_e. This is
necessary to detect overflows when converting from string to unsigned long.

The third patch adds checks when converting from unsigned long to int.

Heinrich Schuchardt (3):
  lib/kstrtox.c: functions returning end of string
  sysctl: detect overflows in proc_get_long
  sysctl: detect overflows when converting to int

 include/linux/kernel.h |  4 +++
 kernel/sysctl.c        | 13 +++++++--
 lib/kstrtox.c          | 71 +++++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 83 insertions(+), 5 deletions(-)

-- 
2.1.4
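
The two overflow types described in the message above, as an added userspace example that is not part of the original post and is not the kernel's or the patch's code. Assumptions: set_int and digit are hypothetical names, uint64_t stands in for unsigned long on a 64-bit kernel, int32_t stands in for int, and -ERANGE is chosen here as the error code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Value of digit c in the given base, or -1 if c is not a digit of it. */
static int digit(char c, unsigned base)
{
    int v = (c >= '0' && c <= '9') ? c - '0' :
            (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
    return (v >= 0 && (unsigned)v < base) ? v : -1;
}

/* Model of an integer write (hypothetical helper, decimal or 0x-prefixed hex).
 * check == 0: the accumulator wraps and the result is narrowed silently.
 * check != 0: either overflow is reported as -ERANGE (assumed error code). */
static int set_int(const char *s, int32_t *out, int check)
{
    unsigned base = 10;
    uint64_t acc = 0;

    if (s[0] == '0' && s[1] == 'x') { base = 16; s += 2; }
    if (digit(*s, base) < 0)
        return -EINVAL;
    for (int d; (d = digit(*s, base)) >= 0; s++) {
        /* type 1: the string does not fit the 64-bit accumulator */
        if (check && acc > (UINT64_MAX - (uint64_t)d) / base)
            return -ERANGE;
        acc = acc * base + (uint64_t)d;
    }
    /* type 2: the 64-bit value does not fit the 32-bit int */
    if (check && acc > INT32_MAX)
        return -ERANGE;
    *out = (int32_t)(uint32_t)acc;
    return 0;
}

int main(void)
{
    /* Constructed inputs: in range, type 2 overflow, type 1 overflow (2^64 + 0x1234). */
    const char *in[] = { "0x1234", "0x800001234", "0x1" "000000000000" "1234" };
    for (int i = 0; i < 3; i++) {
        int32_t a = 0, b = 0;
        int ra = set_int(in[i], &a, 0), rb = set_int(in[i], &b, 1);
        printf("%-20s unchecked: rc=%d val=%#x  checked: rc=%d\n", in[i], ra, (unsigned)a, rb);
    }
    return 0;
}
```
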
