lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20190904110704.8606-3-christian.brauner@ubuntu.com>
Date:   Wed,  4 Sep 2019 13:07:04 +0200
From:   Christian Brauner <christian.brauner@...ntu.com>
To:     hridya@...gle.com
Cc:     arve@...roid.com, christian@...uner.io, devel@...verdev.osuosl.org,
        gregkh@...uxfoundation.org, joel@...lfernandes.org,
        kernel-team@...roid.com, linux-kernel@...r.kernel.org,
        maco@...roid.com, tkjos@...roid.com,
        Christian Brauner <christian.brauner@...ntu.com>
Subject: [RESEND PATCH v3 2/2] binder: Validate the default binderfs device names.

From: Hridya Valsaraju <hridya@...gle.com>

Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME.
This patch adds a check in binderfs_init() to ensure the same
for the default binder devices that will be created in every
binderfs instance.

Co-developed-by: Christian Brauner <christian.brauner@...ntu.com>
Signed-off-by: Christian Brauner <christian.brauner@...ntu.com>
Signed-off-by: Hridya Valsaraju <hridya@...gle.com>
Reviewed-by: Joel Fernandes (Google) <joel@...lfernandes.org>
Link: https://lore.kernel.org/r/20190808222727.132744-3-hridya@google.com
---
 drivers/android/binderfs.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
index aee46dd1be91..55c5adb87585 100644
--- a/drivers/android/binderfs.c
+++ b/drivers/android/binderfs.c
@@ -570,6 +570,18 @@ static struct file_system_type binder_fs_type = {
 int __init init_binderfs(void)
 {
 	int ret;
+	const char *name;
+	size_t len;
+
+	/* Verify that the default binderfs device names are valid. */
+	name = binder_devices_param;
+	for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) {
+		if (len > BINDERFS_MAX_NAME)
+			return -E2BIG;
+		name += len;
+		if (*name == ',')
+			name++;
+	}
 
 	/* Allocate new major number for binderfs. */
 	ret = alloc_chrdev_region(&binderfs_dev, 0, BINDERFS_MAX_MINOR,
-- 
2.23.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ