| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20130227.160850.660037788307311215.davem@davemloft.net> Date: Wed, 27 Feb 2013 16:08:50 -0500 (EST) From: David Miller <davem@...emloft.net> To: vyasevich@...il.com Cc: linux@...ck-us.net, netdev@...r.kernel.org, linux-sctp@...r.kernel.org, sri@...ibm.com, nhorman@...driver.com Subject: Re: [PATCH v2] net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS From: Vlad Yasevich <vyasevich@...il.com> Date: Wed, 27 Feb 2013 16:00:42 -0500 > On 02/27/2013 03:57 PM, Guenter Roeck wrote: >> Building sctp may fail with: >> >> In function ‘copy_from_user’, >> inlined from ‘sctp_getsockopt_assoc_stats’ at >> net/sctp/socket.c:5656:20: >> arch/x86/include/asm/uaccess_32.h:211:26: error: call to >> ‘copy_from_user_overflow’ declared with attribute error: >> copy_from_user() >> buffer size is not provably correct >> >> if built with W=1 due to a missing parameter size validation >> before the call to copy_from_user. >> >> Signed-off-by: Guenter Roeck <linux@...ck-us.net> >> --- >> v2: Fix by moving the existing parameter size validation up >> in the function instead of adding an additional one. > > This works too... > > Acked-by: Vlad Yasevich <vyasevich@...il.com> I'll apply this and queue it up for -stable, thanks everyone.
Powered by blists - more mailing lists