| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1427657309-4344-1-git-send-email-xypron.glpk@gmx.de> Date: Sun, 29 Mar 2015 21:28:26 +0200 From: Heinrich Schuchardt <xypron.glpk@....de> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Michal Nazarewicz <mina86@...a86.com>, Ingo Molnar <mingo@...nel.org>, Steven Rostedt <rostedt@...dmis.org>, Peter Zijlstra <peterz@...radead.org>, Joe Perches <joe@...ches.com>, Josh Hunt <johunt@...mai.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Rusty Russell <rusty@...tcorp.com.au>, Daniel Walter <dwalter@...gle.com>, David Rientjes <rientjes@...gle.com>, Kees Cook <keescook@...omium.org>, "David S. Miller" <davem@...emloft.net>, Johannes Weiner <hannes@...xchg.org>, Aaron Tomlin <atomlin@...hat.com>, Prarit Bhargava <prarit@...hat.com>, Eric B Munson <emunson@...mai.com>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Sam Ravnborg <sam@...nborg.org>, linux-kernel@...r.kernel.org, Heinrich Schuchardt <xypron.glpk@....de> Subject: [PATCH 0/3] sysctl: detect overflows when setting integers This patch series addresses undetected overflows when writing to the sysctl file system. E.g. echo 0x800001234 > /proc/sys/kernel/threads-max has the same effect as echo 0x1234 > /proc/sys/kernel/threads-max The first type of overflow occurs when converting from string to unsigned long. The second type of overflow occurs when converting from unsigned long to int. The first patch provide new functions kstrtoul_e and kstrtoull_e that can be used to replace deprecated simple_strtoul and simple_strtoull. The second patch replaces a call to simple_strtoul by kstrtoul_e. This is necessary to detect overflows when converting from string to unsigned long. The third patch adds checks when converting form unsigned long to int. Heinrich Schuchardt (3): lib/kstrtox.c: functions returning end of string sysctl: detect overflows in proc_get_long sysctl: detect overflows when converting to int include/linux/kernel.h | 4 +++ kernel/sysctl.c | 13 +++++++-- lib/kstrtox.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 83 insertions(+), 5 deletions(-) -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists