| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6236da54-c651-9dc7-f5ce-824be96b3e9d@kernel.org>
Date: Thu, 8 Sep 2022 10:10:12 +0200
From: Jiri Slaby <jirislaby@...nel.org>
To: Hangyu Hua <hbh25y@...il.com>, gregkh@...uxfoundation.org,
changlianzhi@...ontech.com, dmitry.torokhov@...il.com
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tty: vt: add a bounds checking in vt_do_kdgkb_ioctl()
On 08. 09. 22, 9:54, Hangyu Hua wrote:
> As array_index_nospec's comments indicateļ¼a bounds checking need to add
> before calling array_index_nospec.
>
> Signed-off-by: Hangyu Hua <hbh25y@...il.com>
> ---
> drivers/tty/vt/keyboard.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
> index be8313cdbac3..b9845455df79 100644
> --- a/drivers/tty/vt/keyboard.c
> +++ b/drivers/tty/vt/keyboard.c
> @@ -2067,6 +2067,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
> if (get_user(kb_func, &user_kdgkb->kb_func))
> return -EFAULT;
>
> + if (kb_func >= MAX_NR_FUNC)
kb_func is unsigned char and MAX_NR_FUNC is 256. So this should be
eliminated by the compiler anyway.
But the check might be a good idea if we ever decide to support more
keys. But will/can we? I am not so sure, so adding it right now is kind
of superfluous. In any way we'd need to introduce a completely different
iterface/ioctls.
> + return -EFAULT;
EINVAL would be more appropriate, IMO.
> +
> kb_func = array_index_nospec(kb_func, MAX_NR_FUNC);
>
> switch (cmd) {
thanks,
--
js
suse labs
Powered by blists - more mailing lists