Message-Id: <20190210203943.8227-4-christian@brauner.io>
Date:   Sun, 10 Feb 2019 21:39:43 +0100
From:   Christian Brauner <christian@...uner.io>
To:     akpm@...ux-foundation.org, keescook@...omium.org,
        linux-kernel@...r.kernel.org
Cc:     ebiederm@...ssion.com, mcgrof@...nel.org, joe.lawrence@...hat.com,
        longman@...hat.com, linux@...inikbrodowski.net,
        viro@...iv.linux.org.uk, adobriyan@...il.com,
        linux-api@...r.kernel.org, Christian Brauner <christian@...uner.io>
Subject: [RFC PATCH v4 3/3] sysctl: return -EINVAL if val violates minmax

Currently when userspace gives us values that overflow e.g. file-max and
other callers of __do_proc_doulongvec_minmax() we simply
ignore the new value and leave the current value untouched. This can be
problematic as it gives the illusion that the limit has indeed been bumped
when in fact it failed.
This commit makes sure to return EINVAL when an overflow is detected.
Please note that this is a userspace facing change.

Signed-off-by: Christian Brauner <christian@...uner.io>
---
/* Changelog */
v4:
- patch introduced

v1-v3:
- patch not present
---
 kernel/sysctl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index c4a44b7ccb8a..516bc8a2812d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2846,8 +2846,10 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
 			if (neg)
 				continue;
 			val = convmul * val / convdiv;
-			if ((min && val < *min) || (max && val > *max))
-				continue;
+			if ((min && val < *min) || (max && val > *max)) {
+				err = -EINVAL;
+				break;
+			}
 			*i = val;
 		} else {
 			val = convdiv * (*i) / convmul;
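
Review bot: The `if (neg) continue;` check at the top of this hunk still silently skips a negative input, while the min/max violation two lines below it now fails with -EINVAL, so writing a negative value keeps giving the same illusion of success that the commit message sets out to remove. Consider treating it the same way (`err = -EINVAL; break;`), or explain in the commit message why negative values are meant to stay ignored. Two further points are worth stating in the changelog, since this is a userspace-facing change: with `break`, any earlier values in the same write that already passed through `*i = val` stay applied even though the write now returns an error, and the range check runs on the result of `convmul * val / convdiv`, so a product that wraps before the division is not caught by the `val > *max` comparison.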
-- 
2.20.1
