ACK: [SRU][Trusty][PATCH 1/1] n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
Tyler Hicks
tyhicks at canonical.com
Fri Nov 9 23:48:37 UTC 2018
On 2018-11-09 18:04:26, Kleber Sacilotto de Souza wrote:
> From: Linus Torvalds <torvalds at linux-foundation.org>
>
> We added support for EXTPROC back in 2010 in commit 26df6d13406d ("tty:
> Add EXTPROC support for LINEMODE") and the intent was to allow it to
> override some (all?) ICANON behavior. Quoting from that original commit
> message:
>
> There is a new bit in the termios local flag word, EXTPROC.
> When this bit is set, several aspects of the terminal driver
> are disabled. Input line editing, character echo, and mapping
> of signals are all disabled. This allows the telnetd to turn
> off these functions when in linemode, but still keep track of
> what state the user wants the terminal to be in.
>
> but the problem turns out that "several aspects of the terminal driver
> are disabled" is a bit ambiguous, and you can really confuse the n_tty
> layer by setting EXTPROC and then causing some of the ICANON invariants
> to no longer be maintained.
>
> This fixes at least one such case (TIOCINQ) becoming unhappy because of
> the confusion over whether ICANON really means ICANON when EXTPROC is set.
>
> This basically makes TIOCINQ match the case of read: if EXTPROC is set,
> we ignore ICANON. Also, make sure to reset the ICANON state ie EXTPROC
> changes, not just if ICANON changes.
>
> Fixes: 26df6d13406d ("tty: Add EXTPROC support for LINEMODE")
> Reported-by: Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp>
> Reported-by: syzkaller <syzkaller at googlegroups.com>
> Cc: Jiri Slaby <jslaby at suse.com>
> Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
>
> CVE-2018-18386
> (cherry picked from commit 966031f340185eddd05affcf72b740549f056348)
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
> ---
Acked-by: Tyler Hicks <tyhicks at canonical.com>
Tyler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20181109/e3a514b5/attachment-0001.sig>
More information about the kernel-team
mailing list