| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190910115711.GA3755@asgard.redhat.com>
Date: Tue, 10 Sep 2019 12:57:11 +0100
From: Eugene Syromiatnikov <esyr@...hat.com>
To: linux-kernel@...r.kernel.org,
Christian Brauner <christian@...uner.io>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
Ingo Molnar <mingo@...nel.org>,
"Dmitry V. Levin" <ldv@...linux.org>,
Eric Biederman <ebiederm@...ssion.com>,
Oleg Nesterov <oleg@...hat.com>
Subject: [PATCH] fork: fail on non-zero higher 32 bits of args.exit_signal
Previously, higher 32 bits of exit_signal fields were lost when
copied to the kernel args structure (that uses int as a type for the
respective field). Fail with EINVAL if these are set as it looks like
there's no sane reason to accept them.
* kernel/fork.c (copy_clone_args_from_user): Fail with -EINVAL if
args.exit_signal converted to unsigned int is not equal to the original
value.
Signed-off-by: Eugene Syromiatnikov <esyr@...hat.com>
---
kernel/fork.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
index 2852d0e..fcbc4d5 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2562,6 +2562,9 @@ noinline static int copy_clone_args_from_user(struct kernel_clone_args *kargs,
if (copy_from_user(&args, uargs, size))
return -EFAULT;
+ if (unlikely(((unsigned int)args.exit_signal) != args.exit_signal))
+ return -EINVAL;
+
*kargs = (struct kernel_clone_args){
.flags = args.flags,
.pidfd = u64_to_user_ptr(args.pidfd),
--
2.1.4
Powered by blists - more mailing lists