| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Feb 2019 07:51:44 -0800
From: Luis Chamberlain <mcgrof@...nel.org>
To: Zev Weiss <zev@...ilderbeest.net>
Cc: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>, yzaikin@...gle.com,
brendanhiggins@...gle.com
Subject: Re: [PATCH v2 0/3] sysctl: fix range-checking in
do_proc_dointvec_minmax_conv()
On Thu, Feb 07, 2019 at 06:34:23AM -0600, Zev Weiss wrote:
> Hello,
>
> After being left with an unusable system after a typo executing
> something like 'echo $((1<<24)) > /proc/sys/vm/max_map_count', I found
> that do_proc_dointvec_minmax_conv() was missing a check to ensure that
> the converted value actually fits in an int.
>
> The first of the following patches enhances the sysctl selftest such
> that it detects this problem; the second provides a minimal fix
> (suitable for -stable) such that the selftest passes. The third patch
> then performs a more thorough refactoring to eliminate the code
> duplication that led to the bug in the first place (maintaining the
> passing status of the selftest).
>
>
> Changes in v2:
> - Rearranged selftest to also test negative values and provide more
> info in comments
> - Added intermediate patch as a minimal fix for -stable without the
> refactoring
Thanks! For some reason I got all except the last patch, patch #3.
Can you bounce me and others a copy?
Luis
Powered by blists - more mailing lists