linux

mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-26 11:28:28 +00:00

History

James Hogan 3a158a62da metag/uaccess: Check access_ok in strncpy_from_user The metag implementation of strncpy_from_user() doesn't validate the src pointer, which could allow reading of arbitrary kernel memory. Add a short access_ok() check to prevent that. Its still possible for it to read across the user/kernel boundary, but it will invariably reach a NUL character after only 9 bytes, leaking only a static kernel address being loaded into D0Re0 at the beginning of __start, which is acceptable for the immediate fix. Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org	2017-05-02 21:11:32 +01:00
..
asm	metag/uaccess: Check access_ok in strncpy_from_user	2017-05-02 21:11:32 +01:00
uapi/asm	asm-generic: Drop renameat syscall from default list	2016-05-05 00:42:21 +02:00

James Hogan 3a158a62da metag/uaccess: Check access_ok in strncpy_from_user

The metag implementation of strncpy_from_user() doesn't validate the src
pointer, which could allow reading of arbitrary kernel memory. Add a
short access_ok() check to prevent that.

Its still possible for it to read across the user/kernel boundary, but
it will invariably reach a NUL character after only 9 bytes, leaking
only a static kernel address being loaded into D0Re0 at the beginning of
__start, which is acceptable for the immediate fix.

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org

2017-05-02 21:11:32 +01:00

asm

metag/uaccess: Check access_ok in strncpy_from_user

2017-05-02 21:11:32 +01:00

uapi/asm

asm-generic: Drop renameat syscall from default list

2016-05-05 00:42:21 +02:00