| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190206195807.GG11489@garbanzo.do-not-panic.com>
Date: Wed, 6 Feb 2019 11:58:07 -0800
From: Luis Chamberlain <mcgrof@...nel.org>
To: Zev Weiss <zev@...ilderbeest.net>
Cc: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org, akpm@...ux-foundation.org,
yzaikin@...gle.com, brendanhiggins@...gle.com
Subject: Re: [PATCH 2/2] kernel/sysctl.c: define minmax conv functions in
terms of non-minmax versions
On Thu, Dec 27, 2018 at 05:12:30AM -0600, Zev Weiss wrote:
> do_proc_do[u]intvec_minmax_conv() had included open-coded versions of
> do_proc_do[u]intvec_conv(), though the signed one omitted the check
> that the value is in [INT_MIN, INT_MAX]. Rather than increase the
> duplication further by copying the additional check, we can instead
> refactor both to be defined in terms of their non-bounded counterparts
> (plus the added check).
The code below looks fine, however it is a rather intrusive check.
Let's isntead open code the new bound check and Cc stable, and then
after we can get creative with the wrapper use.
Can you confirm the open coded version fixes the issues, and then
the other change does not regress? If you can include an annotation
as to since *when* this was broken by annotating it on your CC stable
note it would be useful for stable maintainers. Likewise if you can
add a respective Fixes: tag that would be appreciated if you can easily
find it.
The stable tag annotation can be placed on top of all the tags, for
instance if the first broken commit was in v4.1 then:
Cc: <stable@...r.kernel.org> # v4.1+
Thanks for the fix and expanding on the tests!
Luis
Powered by blists - more mailing lists