Message-ID: <5271074f-930a-46e9-8ece-2cc65d45dc19@i-love.sakura.ne.jp>
Date:   Thu, 28 Jan 2021 21:59:33 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
To:     Sabyrzhan Tasbolatov <snovitoll@...il.com>
Cc:     andreyknvl@...gle.com, casey@...aufler-ca.com, jmorris@...ei.org,
        linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org, mhocko@...e.com,
        serge@...lyn.com,
        syzbot+a71a442385a0b2815497@...kaller.appspotmail.com
Subject: Re: [PATCH v2] smackfs: restrict bytes count in smackfs write
 functions

On 2021/01/28 20:58, Sabyrzhan Tasbolatov wrote:
> @@ -2005,6 +2009,9 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
>  	if (!smack_privileged(CAP_MAC_ADMIN))
>  		return -EPERM;
>  
> +	if (count > PAGE_SIZE)
> +		return -EINVAL;
> +
>  	data = memdup_user_nul(buf, count);
>  	if (IS_ERR(data))
>  		return PTR_ERR(data);
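
Review bot: The added `count > PAGE_SIZE` test in smk_write_onlycap() returns -EINVAL for any write larger than one page before the data is looked at, and nothing in the hunk says why PAGE_SIZE is the bound or that larger writes now fail. Add a comment above the check stating the limit and the reason for it. The zero-length case is also handled differently from smk_write_relabel_self() in the next hunk, which rejects `count == 0`; either add the same test here or say why an empty write is acceptable for this file.
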
> @@ -2740,10 +2754,13 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
>  		return -EPERM;
>  
>  	/*
> +	 * No partial write.
>  	 * Enough data must be present.
>  	 */
>  	if (*ppos != 0)
>  		return -EINVAL;
> +	if (count == 0 || count > PAGE_SIZE)
> +		return -EINVAL;
>  
>  	data = memdup_user_nul(buf, count);
>  	if (IS_ERR(data))
> 
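
Review bot: The comment in smk_write_relabel_self() gains "No partial write.", which describes the existing `*ppos != 0` test, while the added `count == 0 || count > PAGE_SIZE` test is a size limit that neither comment line documents ("Enough data must be present." covers at most the `count == 0` half). Extend the comment to state the upper bound and why it is PAGE_SIZE, since this is a behaviour change visible to writers. The two tests both return -EINVAL, so they could be a single condition.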

Doesn't this change break legitimate requests like

  char buffer[20000];

  memset(buffer, ' ', sizeof(buffer));
  memcpy(buffer + sizeof(buffer) - 10, "foo", 3);
  write(fd, buffer, sizeof(buffer));

?
