From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Nazarewicz <mina86@mina86.com>,
Ingo Molnar <mingo@kernel.org>,
Steven Rostedt <rostedt@goodmis.org>,
Peter Zijlstra <peterz@infradead.org>,
Joe Perches <joe@perches.com>, Josh Hunt <johunt@akamai.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Rusty Russell <rusty@rustcorp.com.au>,
Daniel Walter <dwalter@google.com>,
David Rientjes <rientjes@google.com>,
Kees Cook <keescook@chromium.org>,
"David S. Miller" <davem@davemloft.net>,
Johannes Weiner <hannes@cmpxchg.org>,
Aaron Tomlin <atomlin@redhat.com>,
Prarit Bhargava <prarit@redhat.com>,
Eric B Munson <emunson@akamai.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Sam Ravnborg <sam@ravnborg.org>,
linux-kernel@vger.kernel.org,
Heinrich Schuchardt <xypron.glpk@gmx.de>
Subject: [PATCH 2/3] sysctl: detect overflows in proc_get_long
Date: Sun, 29 Mar 2015 21:28:28 +0200 [thread overview]
Message-ID: <1427657309-4344-3-git-send-email-xypron.glpk@gmx.de> (raw)
In-Reply-To: <1427657309-4344-1-git-send-email-xypron.glpk@gmx.de>
When converting strings to unsigned long overflows may occur.
These currently are not detected.
E.g. on a 32bit system
echo 0x800001234 > /proc/sys/kernel/threads-max
has the same effect as
echo 0x1234 > /proc/sys/kernel/threads-max
The patch replaces the call to deprecated simple_strtoul by a call
to kstrtoul_e.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
kernel/sysctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 88ea2d6..4d9d139 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1884,7 +1884,8 @@ static int proc_get_long(char **buf, size_t *size,
if (!isdigit(*p))
return -EINVAL;
- *val = simple_strtoul(p, &p, 0);
+ if (kstrtoul_e(p, &p, 0, val) < 0)
+ return -EINVAL;
len = p - tmp;
--
2.1.4
next prev parent reply other threads:[~2015-03-29 19:29 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-29 19:28 [PATCH 0/3] sysctl: detect overflows when setting integers Heinrich Schuchardt
2015-03-29 19:28 ` [PATCH 1/3] lib/kstrtox.c: functions returning end of string Heinrich Schuchardt
2015-03-29 19:28 ` Heinrich Schuchardt [this message]
2015-03-29 19:28 ` [PATCH 3/3] sysctl: detect overflows when converting to int Heinrich Schuchardt
2015-03-31 17:12 ` Fwd: " Heinrich Schuchardt
2015-03-31 22:45 ` Andrew Morton
2015-04-01 17:31 ` Heinrich Schuchardt
2015-06-08 22:41 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1427657309-4344-3-git-send-email-xypron.glpk@gmx.de \
--to=xypron.glpk@gmx.de \
--cc=akpm@linux-foundation.org \
--cc=atomlin@redhat.com \
--cc=davem@davemloft.net \
--cc=dwalter@google.com \
--cc=emunson@akamai.com \
--cc=hannes@cmpxchg.org \
--cc=joe@perches.com \
--cc=johunt@akamai.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mina86@mina86.com \
--cc=mingo@kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=peterz@infradead.org \
--cc=prarit@redhat.com \
--cc=rientjes@google.com \
--cc=rostedt@goodmis.org \
--cc=rusty@rustcorp.com.au \
--cc=sam@ravnborg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).