| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Jan 2009 09:21:15 +0100
From: Roel Kluin <roel.kluin@...il.com>
To: christine.caulfield@...glemail.com
CC: linux-decnet-user@...ts.sourceforge.net, netdev@...r.kernel.org
Subject: [PATCH] decnet: incorrect optlen size
Several functions with something like this occur:
int sock_set_foo(int optlen, ...)
{
struct food foo;
if (optlen < sizeof(foo))
return -EINVAL;
if (copy_from_user(&foo, optval, sizeof(foo)))
return -EFAULT;
...
}
see for instance:
grep -C5 -E -R -n "copy_from_user\(&([a-zA-Z0-9]*), optval, sizeof\(\1\)\)" net
but in __dn_setsockopt, below, the checks are slightly different.
Should maybe the changes below be apllied?
-------------->8----------------8<-----------------------
fix size checks before copy_from_user
Signed-off-by: Roel Kluin <roel.kluin@...il.com>
---
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index cf0e184..45b9199 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -1359,10 +1359,10 @@ static int __dn_setsockopt(struct socket *sock, int level,int optname, char __us
if (optlen && !optval)
return -EINVAL;
- if (optlen > sizeof(u))
+ if (optlen < sizeof(u))
return -EINVAL;
- if (copy_from_user(&u, optval, optlen))
+ if (copy_from_user(&u, optval, sizeof(u)))
return -EFAULT;
switch(optname) {
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists