| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20211220092627.3744624-1-libaokun1@huawei.com>
Date: Mon, 20 Dec 2021 17:26:27 +0800
From: Baokun Li <libaokun1@...wei.com>
To: <mcgrof@...nel.org>, <akpm@...ux-foundation.org>,
<keescook@...omium.org>, <yzaikin@...gle.com>, <ast@...nel.org>,
<daniel@...earbox.net>, <andrii@...nel.org>, <kafai@...com>,
<songliubraving@...com>, <yhs@...com>, <john.fastabend@...il.com>,
<kpsingh@...nel.org>
CC: <linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
<netdev@...r.kernel.org>, <bpf@...r.kernel.org>,
<libaokun1@...wei.com>, <yukuai3@...wei.com>,
Hulk Robot <hulkci@...wei.com>
Subject: [PATCH -next V2] sysctl: returns -EINVAL when a negative value is passed to proc_doulongvec_minmax
When we pass a negative value to the proc_doulongvec_minmax() function,
the function returns 0, but the corresponding interface value does not
change.
we can easily reproduce this problem with the following commands:
`cd /proc/sys/fs/epoll`
`echo -1 > max_user_watches; echo $?; cat max_user_watches`
This function requires a non-negative number to be passed in, so when
a negative number is passed in, -EINVAL is returned.
Reported-by: Hulk Robot <hulkci@...wei.com>
Signed-off-by: Baokun Li <libaokun1@...wei.com>
---
V1->V2:
Modify the judgment position.
kernel/sysctl.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 7f07b058b180..4211e39a5fd3 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1147,10 +1147,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table,
err = proc_get_long(&p, &left, &val, &neg,
proc_wspace_sep,
sizeof(proc_wspace_sep), NULL);
- if (err)
+ if (err || neg) {
+ err = -EINVAL;
break;
- if (neg)
- continue;
+ }
+
val = convmul * val / convdiv;
if ((min && val < *min) || (max && val > *max)) {
err = -EINVAL;
--
2.31.1
Powered by blists - more mailing lists