lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 9 Sep 2015 14:59:55 -0700
From:	Dave Hansen <dave@...1.net>
To:	unlisted-recipients:; (no To-header on input)
Cc:	john@...nmccutchan.com, rlove@...ve.org, eparis@...isplace.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] inotify: actually check for invalid bits in
 sys_inotify_add_watch()

On 06/30/2015 10:36 AM, Dave Hansen wrote:
> From: Dave Hansen <dave.hansen@...ux.intel.com>
> 
> The comment here says that it is checking for invalid bits.  But,
> the mask is *actually* checking to ensure that _any_ valid bit
> is set, which is quite different.
> 
> Add the actual check which was intended.  Retain the existing
> check because it actually does something useful: ensure that some
> inotify bits are being added to the watch.  Plus, this is
> existing behavior which would be nice to preserve.
> 
> I did a quick sniff test that inotify functions and that my
> 'inotify-tools' package passes 'make check'.

Did anybody have any comments on this patch?  Who picks up inotify patches?

>  b/fs/notify/inotify/inotify_user.c |    3 +++
>  1 file changed, 3 insertions(+)
> 
> diff -puN fs/notify/inotify/inotify_user.c~inotify-EINVAL-on-invalid-bit fs/notify/inotify/inotify_user.c
> --- a/fs/notify/inotify/inotify_user.c~inotify-EINVAL-on-invalid-bit	2015-06-26 13:33:30.277219285 -0700
> +++ b/fs/notify/inotify/inotify_user.c	2015-06-26 13:35:19.026122033 -0700
> @@ -707,6 +707,9 @@ SYSCALL_DEFINE3(inotify_add_watch, int,
>  	unsigned flags = 0;
>  
>  	/* don't allow invalid bits: we don't want flags set */
> +	if (unlikely(mask & ~ALL_INOTIFY_BITS))
> +		return -EINVAL;
> +	/* require at least one valid bit set in the mask */
>  	if (unlikely(!(mask & ALL_INOTIFY_BITS)))
>  		return -EINVAL;
>  
> _
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ