[PATCH][SRU][PRECISE] KEYS: ensure xbuf is large enough to fix buffer overflow in proc_keys_show (LP: #1634496)
Marcelo Cerri
marcelo.cerri at canonical.com
Tue Oct 18 19:35:15 UTC 2016
--
Regards,
Marcelo
On Tue, Oct 18, 2016 at 02:47:06PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> BugLink: http://bugs.launchpad.net/bugs/1634496
>
> CVE-2016-7042
>
> When stack protect is enabled xbuf is too small for timeout data causing a
> buffer overflow and a stack protector corruption report.
>
> OriginalAuthor: Vladis Dronov <vdronov at redhat.com>
> OriginalLocation: https://bugzilla.redhat.com/attachment.cgi?id=1200212&action=diff
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
> security/keys/proc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/keys/proc.c b/security/keys/proc.c
> index 49bbc97..3f7b410 100644
> --- a/security/keys/proc.c
> +++ b/security/keys/proc.c
> @@ -188,7 +188,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
> struct timespec now;
> unsigned long timo;
> key_ref_t key_ref, skey_ref;
> - char xbuf[12];
> + char xbuf[16];
Isn't safe to use the maximum value possible? 20 for the unsigned long
max, +1 for the unit character and +1 for \0.
> int rc;
>
> key_ref = make_key_ref(key, 0);
> --
> 2.9.3
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20161018/d3a28e75/attachment.sig>
More information about the kernel-team
mailing list