| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 10 Feb 2019 21:39:43 +0100
From: Christian Brauner <christian@...uner.io>
To: akpm@...ux-foundation.org, keescook@...omium.org,
linux-kernel@...r.kernel.org
Cc: ebiederm@...ssion.com, mcgrof@...nel.org, joe.lawrence@...hat.com,
longman@...hat.com, linux@...inikbrodowski.net,
viro@...iv.linux.org.uk, adobriyan@...il.com,
linux-api@...r.kernel.org, Christian Brauner <christian@...uner.io>
Subject: [RFC PATCH v4 3/3] sysctl: return -EINVAL if val violates minmax
Currently when userspace gives us a values that overflow e.g. file-max and
other callers of __do_proc_doulongvec_minmax() we simply
ignore the new value and leave the current value untouched. This can be
problematic as it gives the illusion that the limit has indeed be bumped
when in fact it failed.
This commit makes sure to return EINVAL when an overflow is detected.
Please note that this is a userspace facing change.
Signed-off-by: Christian Brauner <christian@...uner.io>
---
/* Changelog */
v4:
- patch introduced
v1-v3:
- patch not present
---
kernel/sysctl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index c4a44b7ccb8a..516bc8a2812d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2846,8 +2846,10 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
if (neg)
continue;
val = convmul * val / convdiv;
- if ((min && val < *min) || (max && val > *max))
- continue;
+ if ((min && val < *min) || (max && val > *max)) {
+ err = -EINVAL;
+ break;
+ }
*i = val;
} else {
val = convdiv * (*i) / convmul;
--
2.20.1
Powered by blists - more mailing lists