lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <bff7add3978af84f7d33822a3079309ecc904dfa.1444333391.git.geliangtang@163.com>
Date:	Thu,  8 Oct 2015 04:46:48 -0700
From:	Geliang Tang <geliangtang@....com>
To:	Alasdair Kergon <agk@...hat.com>,
	Mike Snitzer <snitzer@...hat.com>, dm-devel@...hat.com,
	Neil Brown <neilb@...e.com>
Cc:	Geliang Tang <geliangtang@....com>, linux-raid@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] dm ioctl: bugfix for kvfree() in free_params()

The ioctl parameter block consists of two parts, a dm_ioctl struct
followed by a data buffer. Don't free the parameter block when the
data buffer is empty.

Fixes: 30c2a1f('dm ioctl: use kvfree() in free_params()')
Signed-off-by: Geliang Tang <geliangtang@....com>
---
 drivers/md/dm-ioctl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index dbb5588..3f93787 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1673,10 +1673,13 @@ static int check_version(unsigned int cmd, struct dm_ioctl __user *user)
 
 static void free_params(struct dm_ioctl *param, size_t param_size, int param_flags)
 {
+	const size_t minimum_data_size = sizeof(*param) - sizeof(param->data);
+
 	if (param_flags & DM_WIPE_BUFFER)
 		memset(param, 0, param_size);
 
-	kvfree(param);
+	if (param_size > minimum_data_size)
+		kvfree(param);
 }
 
 static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel,
-- 
1.9.1


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ