KEYS: fix writing past end of user-supplied buffer in keyring_read() - bcachefs.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Eric Biggers <ebiggers@google.com>	2017-09-18 11:36:45 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-10-05 09:41:45 +0200
commit	af24e9d8ba1a323cd13c4c962a74d0f2c48abd75 (patch)
tree	86d0a35eb34dd0dcae30ef3cdd97aa159724ef81 /security/selinux
parent	362711d59b0c854431ba7e5a645ee8f65e75b459 (diff)

KEYS: fix writing past end of user-supplied buffer in keyring_read()

commit e645016abc803dafc75e4b8f6e4118f088900ffb upstream. Userspace can call keyctl_read() on a keyring to get the list of IDs of keys in the keyring. But if the user-supplied buffer is too small, the kernel would write the full list anyway --- which will corrupt whatever userspace memory happened to be past the end of the buffer. Fix it by only filling the space that is available. Fixes: b2a4df200d57 ("KEYS: Expand the capacity of a keyring") Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'security/selinux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: