linux/net
Cyrill Gorcunov 27df6f25ff sunrpc: fix possible overrun on read of /proc/sys/sunrpc/transports
Vegard Nossum reported
----------------------
> I noticed that something weird is going on with /proc/sys/sunrpc/transports.
> This file is generated in net/sunrpc/sysctl.c, function proc_do_xprt(). When
> I "cat" this file, I get the expected output:
>    $ cat /proc/sys/sunrpc/transports
>    tcp 1048576
>    udp 32768

> But I think that it does not check the length of the buffer supplied by
> userspace to read(). With my original program, I found that the stack was
> being overwritten by the characters above, even when the length given to
> read() was just 1.

David Wagner added (among other things) that copy_to_user could be
probably used here.

Ingo Oeser suggested to use simple_read_from_buffer() here.

The conclusion is that proc_do_xprt doesn't check for userside buffer
size indeed so fix this by using Ingo's suggestion.

Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
CC: Ingo Oeser <ioe-lkml@rameria.de>
Cc: Neil Brown <neilb@suse.de>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Greg Banks <gnb@sgi.com>
Cc: Tom Tucker <tom@opengridcomputing.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2008-09-01 14:24:24 -04:00
..
9p flag parameters: socket and socketpair 2008-07-24 10:47:27 -07:00
802 list_for_each_rcu must die: networking 2008-07-25 10:53:27 -07:00
8021q netdev: Handle ->addr_list_lock just like ->_xmit_lock for lockdep. 2008-07-22 14:16:42 -07:00
appletalk net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
atm atm: fix const assignment/discard warnings in the ATM networking driver 2008-07-30 16:31:46 -07:00
ax25 AX.25: Fix sysctl registration if !CONFIG_AX25_DAMA_SLAVE 2008-08-05 18:46:57 -07:00
bluetooth [Bluetooth] Add parameters to control BNEP header compression 2008-08-07 22:26:54 +02:00
bridge bridge: Eliminate unnecessary forward delay 2008-08-05 18:42:51 -07:00
can netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
core pktgen: multiqueue etc. 2008-08-07 02:23:01 -07:00
dccp tcp: Fix kernel panic when calling tcp_v(4/6)_md5_do_lookup 2008-08-06 23:50:04 -07:00
decnet netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
econet netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
ethernet [NET]: Return more appropriate error from eth_validate_addr(). 2008-04-13 22:45:40 -07:00
ieee80211 wext: Emit event stream entries correctly when compat. 2008-06-16 18:50:49 -07:00
ipv4 tcp: (whitespace only) fix confusing indentation 2008-08-07 20:27:45 -07:00
ipv6 tcp: Fix kernel panic when calling tcp_v(4/6)_md5_do_lookup 2008-08-06 23:50:04 -07:00
ipx netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
irda Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-07-20 17:43:29 -07:00
iucv Merge branch 'linus' into cpus4096-for-linus 2008-07-21 17:19:50 +02:00
key net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
lapb [LAPB] net/lapb/lapb_iface.c: use LIST_HEAD instead of LIST_HEAD_INIT 2008-01-28 14:56:52 -08:00
llc netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
mac80211 mac80211: keep mesh ifaces in allmulti mode 2008-08-07 09:49:04 -04:00
netfilter netfilter: fix two recent sysctl problems 2008-08-06 02:35:44 -07:00
netlabel netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
netlink net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
netrom netdev: Handle ->addr_list_lock just like ->_xmit_lock for lockdep. 2008-07-22 14:16:42 -07:00
packet net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
rfkill RFKILL: set the status of the leds on activation. 2008-08-01 15:31:33 -04:00
rose netdev: Handle ->addr_list_lock just like ->_xmit_lock for lockdep. 2008-07-22 14:16:42 -07:00
rxrpc net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
sched pkt_sched: Fix actions referencing 2008-08-07 20:37:22 -07:00
sctp sctp: Drop ipfargok in sctp_xmit function 2008-08-03 21:15:08 -07:00
sunrpc sunrpc: fix possible overrun on read of /proc/sys/sunrpc/transports 2008-09-01 14:24:24 -04:00
tipc netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
unix Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2008-07-26 20:23:44 -07:00
wanrouter wanmain.c doesn't need syncppp.h 2008-07-23 23:00:36 +02:00
wireless nl80211: fix dump callbacks 2008-07-29 16:55:08 -04:00
x25 netns: Use net_eq() to compare net-namespaces for optimization. 2008-07-19 22:34:43 -07:00
xfrm net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
Kconfig net: Make "networking" one-click deselectable. 2008-07-30 03:27:53 -07:00
Makefile vlan: uninline __vlan_hwaccel_rx 2008-07-08 03:23:36 -07:00
TUNABLE
compat.c flag parameters: paccept 2008-07-24 10:47:27 -07:00
nonet.c
socket.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
sysctl_net.c missing bits of net-namespace / sysctl 2008-07-27 09:45:34 -07:00