diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2018-10-10 20:29:44 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-11-13 11:12:41 -0800 |
| commit | 9f0654d9a878add21b8140335b78bd3aaff9b252 (patch) | |
| tree | 6a7d95217eb606706637ff745a5f892bdd5baa24 /kernel | |
| parent | 071161f0cce48cb7b72215fe02b71b4985f2f26a (diff) | |
signal: Guard against negative signal numbers in copy_siginfo_from_user32
commit a36700589b85443e28170be59fa11c8a104130a5 upstream.
While fixing an out of bounds array access in known_siginfo_layout
reported by the kernel test robot it became apparent that the same bug
exists in siginfo_layout and affects copy_siginfo_from_user32.
The straight forward fix that makes guards against making this mistake
in the future and should keep the code size small is to just take an
unsigned signal number instead of a signed signal number, as I did to
fix known_siginfo_layout.
Cc: stable@vger.kernel.org
Fixes: cc731525f26a ("signal: Remove kernel interal si_code magic")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/signal.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/signal.c b/kernel/signal.c index 1628b67992d6..dce9859f6547 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -2804,7 +2804,7 @@ COMPAT_SYSCALL_DEFINE2(rt_sigpending, compat_sigset_t __user *, uset, } #endif -enum siginfo_layout siginfo_layout(int sig, int si_code) +enum siginfo_layout siginfo_layout(unsigned sig, int si_code) { enum siginfo_layout layout = SIL_KILL; if ((si_code > SI_USER) && (si_code < SI_KERNEL)) { |