linux/security
Eric Biggers e645016abc KEYS: fix writing past end of user-supplied buffer in keyring_read()
Userspace can call keyctl_read() on a keyring to get the list of IDs of
keys in the keyring.  But if the user-supplied buffer is too small, the
kernel would write the full list anyway --- which will corrupt whatever
userspace memory happened to be past the end of the buffer.  Fix it by
only filling the space that is available.

Fixes: b2a4df200d ("KEYS: Expand the capacity of a keyring")
Cc: <stable@vger.kernel.org>	[v3.13+]
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2017-09-25 15:19:57 +01:00
..
apparmor apparmor: Refactor to remove bprm_secureexec hook 2017-08-01 12:03:06 -07:00
integrity Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-07-05 11:26:35 -07:00
keys KEYS: fix writing past end of user-supplied buffer in keyring_read() 2017-09-25 15:19:57 +01:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux selinux/stable-4.14 PR 20170831 2017-09-12 13:21:00 -07:00
smack This series has the ultimate goal of providing a sane stack rlimit when 2017-09-07 20:35:29 -07:00
tomoyo exec: Rename bprm->cred_prepared to called_set_creds 2017-08-01 12:02:48 -07:00
yama doc: ReSTify Yama.txt 2017-05-18 10:33:04 -06:00
commoncap.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2017-09-11 18:34:47 -07:00
device_cgroup.c
inode.c securityfs: add the ability to support symlinks 2017-06-08 12:51:43 -07:00
Kconfig include/linux/string.h: add the option of fortified string.h functions 2017-07-12 16:26:03 -07:00
lsm_audit.c lsm_audit: update my email address 2017-08-17 15:33:39 -04:00
Makefile
min_addr.c
security.c selinux/stable-4.14 PR 20170831 2017-09-12 13:21:00 -07:00