Date:	Wed, 9 Sep 2015 18:37:36 -0400
From:	Josh Boyer <jwboyer@...oraproject.org>
To:	Dave Hansen <dave@...1.net>
Cc:	john@...nmccutchan.com, rlove@...ve.org, eparis@...isplace.org,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>,
	"stable@...r.kernel.org" <stable@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] inotify: actually check for invalid bits in sys_inotify_add_watch()

On Wed, Sep 9, 2015 at 5:59 PM, Dave Hansen <dave@...1.net> wrote:
> On 06/30/2015 10:36 AM, Dave Hansen wrote:
>> From: Dave Hansen <dave.hansen@...ux.intel.com>
>>
>> The comment here says that it is checking for invalid bits.  But,
>> the mask is *actually* checking to ensure that _any_ valid bit
>> is set, which is quite different.
>>
>> Add the actual check which was intended.  Retain the existing
>> check because it actually does something useful: ensure that some
>> inotify bits are being added to the watch.  Plus, this is
>> existing behavior which would be nice to preserve.
>>
>> I did a quick sniff test that inotify functions and that my
>> 'inotify-tools' package passes 'make check'.
>
> Did anybody have any comments on this patch?  Who picks up inotify patches?

Theoretically the people you have CC'd pick them up.  However it seems
for quite some time Andrew has been shepherding them along.

josh

>>  b/fs/notify/inotify/inotify_user.c |    3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff -puN fs/notify/inotify/inotify_user.c~inotify-EINVAL-on-invalid-bit fs/notify/inotify/inotify_user.c
>> --- a/fs/notify/inotify/inotify_user.c~inotify-EINVAL-on-invalid-bit  2015-06-26 13:33:30.277219285 -0700
>> +++ b/fs/notify/inotify/inotify_user.c        2015-06-26 13:35:19.026122033 -0700
>> @@ -707,6 +707,9 @@ SYSCALL_DEFINE3(inotify_add_watch, int,
>>       unsigned flags = 0;
>>
>>       /* don't allow invalid bits: we don't want flags set */
>> +     if (unlikely(mask & ~ALL_INOTIFY_BITS))
>> +             return -EINVAL;
>> +     /* require at least one valid bit set in the mask */
>>       if (unlikely(!(mask & ALL_INOTIFY_BITS)))
>>               return -EINVAL;
>>
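Review bot: The added `mask & ~ALL_INOTIFY_BITS` test at the top of this hunk turns input that used to be accepted into an error. Before, the only check present let through any mask with at least one valid bit, even with stray bits outside ALL_INOTIFY_BITS; now the same call returns -EINVAL. That is a user-visible change to inotify_add_watch(), so the changelog should state it explicitly, and it should be weighed against the stable Cc, because existing callers that pass unused bits would start failing after a stable update. The retained comment "we don't want flags set" could also name what is rejected, for example "reject any bit outside ALL_INOTIFY_BITS", so the two comments read as a matched pair.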
>> _
>>
>