| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <lsq.1487198500.539906128@decadent.org.uk> Date: Wed, 15 Feb 2017 22:41:40 +0000 From: Ben Hutchings <ben@...adent.org.uk> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org CC: akpm@...ux-foundation.org, "Al Viro" <viro@...iv.linux.org.uk> Subject: [PATCH 3.16 047/306] arc: don't leak bits of kernel stack into coredump 3.16.40-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Al Viro <viro@...iv.linux.org.uk> commit 7798bf2140ebcc36eafec6a4194fffd8d585d471 upstream. On faulting sigreturn we do get SIGSEGV, all right, but anything we'd put into pt_regs could end up in the coredump. And since __copy_from_user() never zeroed on arc, we'd better bugger off on its failure without copying random uninitialized bits of kernel stack into pt_regs... Signed-off-by: Al Viro <viro@...iv.linux.org.uk> [bwh: Backported to 3.16: - Adjust context - Don't change the single return statement] Signed-off-by: Ben Hutchings <ben@...adent.org.uk> --- arch/arc/kernel/signal.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/arch/arc/kernel/signal.c +++ b/arch/arc/kernel/signal.c @@ -80,11 +80,12 @@ static int restore_usr_regs(struct pt_re int err; err = __copy_from_user(&set, &sf->uc.uc_sigmask, sizeof(set)); - if (!err) - set_current_blocked(&set); - err |= __copy_from_user(regs, &(sf->uc.uc_mcontext.regs.scratch), sizeof(sf->uc.uc_mcontext.regs.scratch)); + if (err) + return err; + + set_current_blocked(&set); return err; }
Powered by blists - more mailing lists