| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210111203340.98dd3c8fa675b709bcf6d49e@linux-foundation.org>
Date: Mon, 11 Jan 2021 20:33:40 -0800
From: Andrew Morton <akpm@...ux-foundation.org>
To: Xiaoming Ni <nixiaoming@...wei.com>
Cc: <linux-kernel@...r.kernel.org>, <mcgrof@...nel.org>,
<keescook@...omium.org>, <yzaikin@...gle.com>,
<adobriyan@...il.com>, <linux-fsdevel@...r.kernel.org>,
<vbabka@...e.cz>, <mhocko@...e.com>, <andy.shevchenko@...il.com>,
<wangle6@...wei.com>
Subject: Re: [PATCH v3] proc_sysctl: fix oops caused by incorrect command
parameters.
On Tue, 12 Jan 2021 11:31:55 +0800 Xiaoming Ni <nixiaoming@...wei.com> wrote:
> The process_sysctl_arg() does not check whether val is empty before
> invoking strlen(val). If the command line parameter () is incorrectly
> configured and val is empty, oops is triggered.
>
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -1770,6 +1770,9 @@ static int process_sysctl_arg(char *param, char *val,
> return 0;
> }
>
> + if (!val)
> + return -EINVAL;
> +
I think v2 (return 0) was preferable. Because all the other error-out
cases in process_sysctl_arg() also do a `return 0'.
If we're going to do a separate "patch: make process_sysctl_arg()
return an errno instead of 0" then fine, we can discuss that. But it's
conceptually a different work from fixing this situation.
Powered by blists - more mailing lists