metag/uaccess: Check access_ok in strncpy_from_user - openslx/kernel-qcow2-linux.git

diff options

author	James Hogan	2017-05-02 20:41:06 +0200
committer	James Hogan	2017-05-02 22:11:32 +0200
commit	3a158a62da0673db918b53ac1440845a5b64fd90 (patch)
tree	6ba8e4c284d1caf5dbbc2a813dc6b214d6e097d5 /mm/frame_vector.c
parent	metag/uaccess: Fix access_ok() (diff)
download	kernel-qcow2-linux-3a158a62da0673db918b53ac1440845a5b64fd90.tar.gz kernel-qcow2-linux-3a158a62da0673db918b53ac1440845a5b64fd90.tar.xz kernel-qcow2-linux-3a158a62da0673db918b53ac1440845a5b64fd90.zip

metag/uaccess: Check access_ok in strncpy_from_user

The metag implementation of strncpy_from_user() doesn't validate the src pointer, which could allow reading of arbitrary kernel memory. Add a short access_ok() check to prevent that. Its still possible for it to read across the user/kernel boundary, but it will invariably reach a NUL character after only 9 bytes, leaking only a static kernel address being loaded into D0Re0 at the beginning of __start, which is acceptable for the immediate fix. Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org

Diffstat (limited to 'mm/frame_vector.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: