lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGnkfhxHhrzP7SWVQ8CCdP3yWmYrn5JQhkH1=m4_SdvacBxFTw@mail.gmail.com>
Date:   Wed, 3 Apr 2019 13:54:56 +0200
From:   Matteo Croce <mcroce@...hat.com>
To:     linux-fsdevel@...r.kernel.org
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Luis Chamberlain <mcgrof@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Christian Brauner <christian@...uner.io>,
        Matthew Wilcox <willy@...radead.org>,
        Zev Weiss <zev@...ilderbeest.net>
Subject: Re: [PATCH] kernel/sysctl.c: fix out of bounds access in fs.file-max

On Thu, Mar 28, 2019 at 2:03 PM Matteo Croce <mcroce@...hat.com> wrote:
>
> fs.file-max sysctl uses proc_doulongvec_minmax() as proc handler, which
> accesses *extra1 and *extra2 as unsigned long, but commit 32a5ad9c2285
> ("sysctl: handle overflow for file-max") assigns &zero, which is an int,
> to extra1, generating the following KASAN report.
> Fix this by changing 'zero' to long, which does not need to be duplicated
> like 'one' and 'one_ul' for two data types.

Hi,

Anyone looked at this patch? Does my fix looks sane?

Regards,
--
Matteo Croce
per aspera ad upstream

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ