| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240730051625.14349-1-viro@kernel.org> Date: Tue, 30 Jul 2024 01:15:47 -0400 From: viro@...nel.org To: linux-fsdevel@...r.kernel.org Cc: amir73il@...il.com, bpf@...r.kernel.org, brauner@...nel.org, cgroups@...r.kernel.org, kvm@...r.kernel.org, netdev@...r.kernel.org, torvalds@...ux-foundation.org Subject: [PATCH 01/39] memcg_write_event_control(): fix a user-triggerable oops From: Al Viro <viro@...iv.linux.org.uk> we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). [the sucker got moved in mainline] Signed-off-by: Al Viro <viro@...iv.linux.org.uk> --- mm/memcontrol-v1.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/mm/memcontrol-v1.c b/mm/memcontrol-v1.c index 2aeea4d8bf8e..417c96f2da28 100644 --- a/mm/memcontrol-v1.c +++ b/mm/memcontrol-v1.c @@ -1842,9 +1842,12 @@ static ssize_t memcg_write_event_control(struct kernfs_open_file *of, buf = endp + 1; cfd = simple_strtoul(buf, &endp, 10); - if ((*endp != ' ') && (*endp != '\0')) + if (*endp == '\0') + buf = endp; + else if (*endp == ' ') + buf = endp + 1; + else return -EINVAL; - buf = endp + 1; event = kzalloc(sizeof(*event), GFP_KERNEL); if (!event) -- 2.39.2
Powered by blists - more mailing lists