| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d1d73239-c549-c6c0-5b24-5d701b69e3f1@i-love.sakura.ne.jp>
Date: Mon, 12 Apr 2021 22:28:15 +0900
From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
To: casey@...aufler-ca.com
Cc: jmorris@...ei.org, linux-kernel@...r.kernel.org, serge@...lyn.com,
linux-security-module@...r.kernel.org,
syzbot <syzbot+77c53db50c9fff774e8e@...kaller.appspotmail.com>,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] WARNING in smk_set_cipso (2)
Commit 7ef4c19d245f3dc2 ("smackfs: restrict bytes count in smackfs write
functions") missed that count > SMK_CIPSOMAX check applies to only
format == SMK_FIXED24_FMT case.
Reported-by: syzbot <syzbot+77c53db50c9fff774e8e@...kaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
---
security/smack/smackfs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 22ded2c26089..1ad7d0d1ea62 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -855,6 +855,8 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
if (format == SMK_FIXED24_FMT &&
(count < SMK_CIPSOMIN || count > SMK_CIPSOMAX))
return -EINVAL;
+ if (count > PAGE_SIZE)
+ return -EINVAL;
data = memdup_user_nul(buf, count);
if (IS_ERR(data))
--
2.18.4
Powered by blists - more mailing lists