| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5b6ff892-fd27-94c6-045a-70c6ab721fb3@gmail.com>
Date: Thu, 6 Jul 2017 00:56:36 -0400
From: Matthias Rosenfelder <mrosenfelder.lkml@...il.com>
To: davem@...emloft.net
Cc: netdev@...r.kernel.org, dan.carpenter@...cle.com,
davejwatson@...com, aviadye@...lanox.com, ilyal@...lanox.com
Subject: [PATCH net-next] TLS: Fix length check in do_tls_getsockopt_tx()
copy_to_user() copies the struct the pointer is pointing to, but the
length check compares against sizeof(pointer) and not sizeof(struct).
On 32-bit the size is probably the same, so it might have worked
accidentally.
Signed-off-by: Matthias Rosenfelder <mrosenfelder.lkml@...il.com>
---
net/tls/tls_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index a03130a..60aff60 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -272,7 +272,7 @@ static int do_tls_getsockopt_tx(struct sock *sk, char __user *optval,
goto out;
}
- if (len == sizeof(crypto_info)) {
+ if (len == sizeof(*crypto_info)) {
if (copy_to_user(optval, crypto_info, sizeof(*crypto_info)))
rc = -EFAULT;
goto out;
--
2.8.3
Powered by blists - more mailing lists