lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue,  3 Nov 2020 22:40:22 +0100
From:   Matteo Croce <mcroce@...ux.microsoft.com>
To:     linux-kernel@...r.kernel.org
Cc:     Guenter Roeck <linux@...ck-us.net>, Petr Mladek <pmladek@...e.com>,
        Arnd Bergmann <arnd@...db.de>, Mike Rapoport <rppt@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Pavel Tatashin <pasha.tatashin@...een.com>,
        Robin Holt <robinmholt@...il.com>,
        Fabian Frederick <fabf@...net.be>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: [PATCH v3 0/3] fix parsing of reboot= cmdline

From: Matteo Croce <mcroce@...rosoft.com>

The parsing of the reboot= cmdline has two major errors:
- a missing bound check can crash the system on reboot
- parsing of the cpu number only works if specified last

Fix both, along with a small code refactor.

v2->v3:
Revert the offending commit first, then fix the other bug.
CC stable
v1->v2:
As Petr suggested, don't force base 10 in simple_strtoul(),
so hex values are accepted as well.

Matteo Croce (3):
  Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
  reboot: fix overflow parsing reboot cpu number
  reboot: refactor and comment the cpu selection code

 kernel/reboot.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

-- 
2.28.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ