| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201203183527.139317-1-jarkko@kernel.org>
Date: Thu, 3 Dec 2020 20:35:27 +0200
From: Jarkko Sakkinen <jarkko@...nel.org>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org, linux-sgx@...r.kernel.org,
Jarkko Sakkinen <jarkko@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Borislav Petkov <bp@...en8.de>,
Dan Carpenter <dan.carpenter@...cle.com>
Subject: [PATCH] x86/sgx: Return -EINVAL on a zero length buffer in sgx_ioc_enclave_add_pages()
The length documented as
* @length: length of the data (multiple of the page size)
Fail with -EINVAL, when user gives a zero length buffer. Right now
'ret' is returned as uninitialized.
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Cc: Borislav Petkov <bp@...en8.de>
Link: https://lore.kernel.org/linux-sgx/X8ehQssnslm194ld@mwanda/
Fixes: c6d26d370767 ("x86/sgx: Add SGX_IOC_ENCLAVE_ADD_PAGES")
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
---
arch/x86/kernel/cpu/sgx/ioctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c
index c206aee80a04..90a5caf76939 100644
--- a/arch/x86/kernel/cpu/sgx/ioctl.c
+++ b/arch/x86/kernel/cpu/sgx/ioctl.c
@@ -428,7 +428,7 @@ static long sgx_ioc_enclave_add_pages(struct sgx_encl *encl, void __user *arg)
!IS_ALIGNED(add_arg.src, PAGE_SIZE))
return -EINVAL;
- if (add_arg.length & (PAGE_SIZE - 1))
+ if (!add_arg.length || add_arg.length & (PAGE_SIZE - 1))
return -EINVAL;
if (add_arg.offset + add_arg.length - PAGE_SIZE >= encl->size)
--
2.27.0
Powered by blists - more mailing lists