[PATCH] UBUNTU: SAUCE: LSM stacking: check for invalid zero sized writes
Colin King
colin.king at canonical.com
Tue Oct 3 12:12:54 UTC 2017
From: Colin Ian King <colin.king at canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1720779
Writing zero bytes to /proc/$pid/task/$pid/attr/context via
security_setprocattr cause an oops in memcpy_erms. Fix this by
checking for zero size and returning -EINVAL for this invalid
write size.
Detected by running stress-ng --procfs 0
Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
security/security.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/security.c b/security/security.c
index 31efa8c..cdc1627 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2007,6 +2007,9 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
char *temp;
char *cp;
+ if (!size)
+ return -EINVAL;
+
/*
* If lsm is NULL look at all the modules to find one
* that processes name. If lsm is not NULL only look at
--
2.7.4
More information about the kernel-team
mailing list