Re: [PATCH] ibmasm: don't write out of bounds in read handler

From: Greg Kroah-Hartman
Date: Sat Jul 07 2018 - 04:00:44 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH] staging: speakup: fix wraparound in uaccess length check"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] Fix range checks in kernfs_get_target_path"
In reply to: Jann Horn: "[PATCH] ibmasm: don't write out of bounds in read handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 07, 2018 at 04:16:33AM +0200, Jann Horn wrote:
> This read handler had a lot of custom logic and wrote outside the bounds of
> the provided buffer. This could lead to kernel and userspace memory
> corruption. Just use simple_read_from_buffer() with a stack buffer.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
> ---
> NOTE: I put a "CC: stable" tag on this commit because it's a simple
> change and I don't know whether bugs in this code matter; I don't
> have any idea what the userland for this looks like.
> If it's not important, feel free to remove the tag.

Looks worthy of a stable tree inclusion, thanks. I've kept it and
queued the patch up now.

greg k-h

Next message: Greg Kroah-Hartman: "Re: [PATCH] staging: speakup: fix wraparound in uaccess length check"
Previous message: Greg Kroah-Hartman: "Re: [PATCH] Fix range checks in kernfs_get_target_path"
In reply to: Jann Horn: "[PATCH] ibmasm: don't write out of bounds in read handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]