| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jan 2021 20:38:04 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Christoph Hellwig' <hch@....de>,
"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>
CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: RE: [PATCH] iov_iter: fix the uaccess area in
copy_compat_iovec_from_user
From: Christoph Hellwig
> Sent: 11 January 2021 17:19
>
> sizeof needs to be called on the compat pointer, not the native one.
>
> Fixes: 89cd35c58bc2 ("iov_iter: transparently handle compat iovecs in import_iovec")
> Reported-by: David Laight <David.Laight@...LAB.COM>
> Signed-off-by: Christoph Hellwig <hch@....de>
> ---
> lib/iov_iter.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/iov_iter.c b/lib/iov_iter.c
> index 1635111c5bd2af..586215aa0f15ce 100644
> --- a/lib/iov_iter.c
> +++ b/lib/iov_iter.c
> @@ -1658,7 +1658,7 @@ static int copy_compat_iovec_from_user(struct iovec *iov,
> (const struct compat_iovec __user *)uvec;
> int ret = -EFAULT, i;
>
> - if (!user_access_begin(uvec, nr_segs * sizeof(*uvec)))
> + if (!user_access_begin(uvec, nr_segs * sizeof(*uiov)))
The first 'uvec' probably ought to be changed as well.
Even though both variables have the same value.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists