KEYS: fix writing past end of user-supplied buffer in keyring_read() - wireguard-linux

diff options

author	Eric Biggers <ebiggers@google.com>	2017-09-18 11:36:45 -0700
committer	David Howells <dhowells@redhat.com>	2017-09-25 15:19:57 +0100
commit	e645016abc803dafc75e4b8f6e4118f088900ffb (patch)
tree	93714c8259d9bb33ae016a8dcf9239e77af00d81 /tools/perf/scripts/python/export-to-postgresql.py
parent	KEYS: fix key refcount leak in keyctl_read_key() (diff)
download	wireguard-linux-e645016abc803dafc75e4b8f6e4118f088900ffb.tar.xz wireguard-linux-e645016abc803dafc75e4b8f6e4118f088900ffb.zip

KEYS: fix writing past end of user-supplied buffer in keyring_read()

Userspace can call keyctl_read() on a keyring to get the list of IDs of keys in the keyring. But if the user-supplied buffer is too small, the kernel would write the full list anyway --- which will corrupt whatever userspace memory happened to be past the end of the buffer. Fix it by only filling the space that is available. Fixes: b2a4df200d57 ("KEYS: Expand the capacity of a keyring") Cc: <stable@vger.kernel.org> [v3.13+] Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com>

Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: