From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752879AbbC2T36 (ORCPT <rfc822;w@1wt.eu>);
	Sun, 29 Mar 2015 15:29:58 -0400
Received: from mout.gmx.net ([212.227.17.20]:63015 "EHLO mout.gmx.net"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752360AbbC2T3z (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Sun, 29 Mar 2015 15:29:55 -0400
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Nazarewicz <mina86@mina86.com>, Ingo Molnar <mingo@kernel.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Peter Zijlstra <peterz@infradead.org>, Joe Perches <joe@perches.com>,
        Josh Hunt <johunt@akamai.com>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        Rusty Russell <rusty@rustcorp.com.au>,
        Daniel Walter <dwalter@google.com>,
        David Rientjes <rientjes@google.com>,
        Kees Cook <keescook@chromium.org>,
        "David S. Miller" <davem@davemloft.net>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Aaron Tomlin <atomlin@redhat.com>, Prarit Bhargava <prarit@redhat.com>,
        Eric B Munson <emunson@akamai.com>,
        "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
        Sam Ravnborg <sam@ravnborg.org>, linux-kernel@vger.kernel.org,
        Heinrich Schuchardt <xypron.glpk@gmx.de>
Subject: [PATCH 2/3] sysctl: detect overflows in proc_get_long
Date: Sun, 29 Mar 2015 21:28:28 +0200
Message-Id: <1427657309-4344-3-git-send-email-xypron.glpk@gmx.de>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1427657309-4344-1-git-send-email-xypron.glpk@gmx.de>
References: <1427657309-4344-1-git-send-email-xypron.glpk@gmx.de>
X-Provags-ID: V03:K0:RYbJUpU6WwG8JHXMyZSp2OBtG7s6BRrbBV0py8ga6GOhVzokuUw
 L58gSLC/Dha+TLOt4zhm7G5TjutkVF8nYOUv3W8ycVlUTCkCxhtiCLOravWECRbVLiyuHzG
 Pplbymzbsbp72+G2t/uv9o3LWeLF3OimWAVwq2IEGUSfe/23epIsjBr/BPrndNjzdko1mMs
 lUj0sqNT/HVWaZGQVIJOQ==
X-UI-Out-Filterresults: notjunk:1;
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

When converting strings to unsigned long overflows may occur.
These currently are not detected.

E.g. on a 32bit system
echo 0x800001234 > /proc/sys/kernel/threads-max
has the same effect as
echo 0x1234 > /proc/sys/kernel/threads-max

The patch replaces the call to deprecated simple_strtoul by a call
to kstrtoul_e.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 kernel/sysctl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 88ea2d6..4d9d139 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1884,7 +1884,8 @@ static int proc_get_long(char **buf, size_t *size,
 	if (!isdigit(*p))
 		return -EINVAL;
 
-	*val = simple_strtoul(p, &p, 0);
+	if (kstrtoul_e(p, &p, 0, val) < 0)
+		return -EINVAL;
 
 	len = p - tmp;
 
-- 
2.1.4