lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Apr 2020 20:24:58 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, syzbot+49e69b4d71a420ceda3e@...kaller.appspotmail.com, Paul Moore <paul@...l-moore.com> Subject: [PATCH 5.4 124/168] audit: check the length of userspace generated audit records From: Paul Moore <paul@...l-moore.com> commit 763dafc520add02a1f4639b500c509acc0ea8e5b upstream. Commit 756125289285 ("audit: always check the netlink payload length in audit_receive_msg()") fixed a number of missing message length checks, but forgot to check the length of userspace generated audit records. The good news is that you need CAP_AUDIT_WRITE to submit userspace audit records, which is generally only given to trusted processes, so the impact should be limited. Cc: stable@...r.kernel.org Fixes: 756125289285 ("audit: always check the netlink payload length in audit_receive_msg()") Reported-by: syzbot+49e69b4d71a420ceda3e@...kaller.appspotmail.com Signed-off-by: Paul Moore <paul@...l-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- kernel/audit.c | 3 +++ 1 file changed, 3 insertions(+) --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1325,6 +1325,9 @@ static int audit_receive_msg(struct sk_b case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2: if (!audit_enabled && msg_type != AUDIT_USER_AVC) return 0; + /* exit early if there isn't at least one character to print */ + if (data_len < 2) + return -EINVAL; err = audit_filter(msg_type, AUDIT_FILTER_USER); if (err == 1) { /* match or error */
Powered by blists - more mailing lists