Message-Id: <20181225195637.69304-1-kjlu@umn.edu>
Date:   Tue, 25 Dec 2018 13:56:37 -0600
From:   Kangjie Lu <kjlu@....edu>
To:     kjlu@....edu
Cc:     pakki001@....edu,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Maxime Coquelin <mcoquelin.stm32@...il.com>,
        Alexandre Torgue <alexandre.torgue@...com>,
        linux-stm32@...md-mailman.stormreply.com,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: [PATCH] hwtracing: stm: avoid a double-fetch case when fetching policy id

"size" is fetched from user space and security checked. The fix avoids
fetching it again. Since "size" is no longer used after the second
fetch in the current code, let's just skip copying "size" in the
second fetch.

Signed-off-by: Kangjie Lu <kjlu@....edu>
---
 drivers/hwtracing/stm/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/hwtracing/stm/core.c b/drivers/hwtracing/stm/core.c
index 93ce3aa740a9..55df1d374c57 100644
--- a/drivers/hwtracing/stm/core.c
+++ b/drivers/hwtracing/stm/core.c
@@ -752,7 +752,8 @@ static int stm_char_policy_set_ioctl(struct stm_file *stmf, void __user *arg)
 	if (!id)
 		return -ENOMEM;
 
-	if (copy_from_user(id, arg, size)) {
+	if (copy_from_user(id + sizeof(size),
+				arg + sizeof(size), size - sizeof(size))) {
 		ret = -EFAULT;
 		goto err_free;
 	}
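
Review bot: the destination `id + sizeof(size)` in the new copy_from_user() call is pointer arithmetic on `id`, so unless `id` is a byte pointer it advances by sizeof(size) elements rather than bytes, and the copy would land far past the intended offset and possibly past the end of the allocation. The source side is byte-wise because `arg` is `void __user *`, so the two offsets do not match. Cast the destination, e.g. `(char *)id + sizeof(size)`, or keep the original full copy and then overwrite the leading size field in the kernel buffer with the value that was already validated. Note also that with this change the first sizeof(size) bytes of the buffer are never filled from user space; if that is intended, a short comment saying so (and what value those bytes hold) would help the next reader, since the commit message's claim that "size" is unused afterwards cannot be checked from this hunk.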
-- 
2.17.2 (Apple Git-113)
