lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Oct 2018 19:54:31 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Sven Eckelmann <sven@...fation.org>, Marek Lindner <mareklindner@...mailbox.ch>, Simon Wunderlich <sw@...onwunderlich.de>, Sasha Levin <alexander.levin@...rosoft.com> Subject: [PATCH 4.9 02/35] batman-adv: Fix segfault when writing to throughput_override 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sven Eckelmann <sven@...fation.org> [ Upstream commit b9fd14c20871e6189f635e49b32d7789e430b3c8 ] The per hardif sysfs file "batman_adv/throughput_override" prints the resulting change as info text when the users writes to this file. It uses the helper function batadv_info to add it at the same time to the kernel ring buffer and to the batman-adv debug log (when CONFIG_BATMAN_ADV_DEBUG is enabled). The function batadv_info requires as first parameter the batman-adv softif net_device. This parameter is then used to find the private buffer which contains the debug log for this batman-adv interface. But batadv_store_throughput_override used as first argument the slave net_device. This slave device doesn't have the batadv_priv private data which is access by batadv_info. Writing to this file with CONFIG_BATMAN_ADV_DEBUG enabled can either lead to a segfault or to memory corruption. Fixes: 0b5ecc6811bd ("batman-adv: add throughput override attribute to hard_ifaces") Signed-off-by: Sven Eckelmann <sven@...fation.org> Acked-by: Marek Lindner <mareklindner@...mailbox.ch> Signed-off-by: Simon Wunderlich <sw@...onwunderlich.de> Signed-off-by: Sasha Levin <alexander.levin@...rosoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- net/batman-adv/sysfs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/net/batman-adv/sysfs.c +++ b/net/batman-adv/sysfs.c @@ -1084,8 +1084,9 @@ static ssize_t batadv_store_throughput_o if (old_tp_override == tp_override) goto out; - batadv_info(net_dev, "%s: Changing from: %u.%u MBit to: %u.%u MBit\n", - "throughput_override", + batadv_info(hard_iface->soft_iface, + "%s: %s: Changing from: %u.%u MBit to: %u.%u MBit\n", + "throughput_override", net_dev->name, old_tp_override / 10, old_tp_override % 10, tp_override / 10, tp_override % 10);
Powered by blists - more mailing lists