| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Oct 2015 04:46:48 -0700
From: Geliang Tang <geliangtang@....com>
To: Alasdair Kergon <agk@...hat.com>,
Mike Snitzer <snitzer@...hat.com>, dm-devel@...hat.com,
Neil Brown <neilb@...e.com>
Cc: Geliang Tang <geliangtang@....com>, linux-raid@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] dm ioctl: bugfix for kvfree() in free_params()
The ioctl parameter block consists of two parts, a dm_ioctl struct
followed by a data buffer. Don't free the parameter block when the
data buffer is empty.
Fixes: 30c2a1f('dm ioctl: use kvfree() in free_params()')
Signed-off-by: Geliang Tang <geliangtang@....com>
---
drivers/md/dm-ioctl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index dbb5588..3f93787 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1673,10 +1673,13 @@ static int check_version(unsigned int cmd, struct dm_ioctl __user *user)
static void free_params(struct dm_ioctl *param, size_t param_size, int param_flags)
{
+ const size_t minimum_data_size = sizeof(*param) - sizeof(param->data);
+
if (param_flags & DM_WIPE_BUFFER)
memset(param, 0, param_size);
- kvfree(param);
+ if (param_size > minimum_data_size)
+ kvfree(param);
}
static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel,
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists