lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri,  3 Nov 2023 12:29:33 +0100
From:   Philipp Stanner <pstanner@...hat.com>
To:     Ian Abbott <abbotti@....co.uk>,
        H Hartley Sweeten <hsweeten@...ionengravers.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Philipp Stanner <pstanner@...hat.com>,
        Ivan Orlov <ivan.orlov0322@...il.com>,
        Benjamin Tissoires <benjamin.tissoires@...hat.com>
Cc:     linux-kernel@...r.kernel.org, Dave Airlie <airlied@...hat.com>
Subject: [PATCH v2] drivers/comedi: use standard array-copy-function

comedi_fops.c utilizes memdup_user() to copy a userspace array.

The new function memdup_array_user() provides a standardized way to copy
userspace-arrays. It makes it easier to see that an array is being
copied and, additionally, performs a generic overflow-check which might
help make the code more robust in case of changes in the future.

Replace memdup_user() with memdup_array_user().

Suggested-by: Dave Airlie <airlied@...hat.com>
Signed-off-by: Philipp Stanner <pstanner@...hat.com>
Reviewed-by: Ian Abbott <abbotti@....co.uk>
---
Changes in v2:
- Rephrase commit message so that it doesn't sound as if an actual
  overflow is being fixed here. (Greg K-H)
- Add Reviewed-by from Ian Abbott
---
 drivers/comedi/comedi_fops.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/comedi/comedi_fops.c b/drivers/comedi/comedi_fops.c
index 1548dea15df1..1b481731df96 100644
--- a/drivers/comedi/comedi_fops.c
+++ b/drivers/comedi/comedi_fops.c
@@ -1714,8 +1714,8 @@ static int __comedi_get_user_chanlist(struct comedi_device *dev,
 
 	lockdep_assert_held(&dev->mutex);
 	cmd->chanlist = NULL;
-	chanlist = memdup_user(user_chanlist,
-			       cmd->chanlist_len * sizeof(unsigned int));
+	chanlist = memdup_array_user(user_chanlist,
+				     cmd->chanlist_len, sizeof(unsigned int));
 	if (IS_ERR(chanlist))
 		return PTR_ERR(chanlist);
 
-- 
2.41.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ