forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/include
History
Linus Torvalds 67e022f3ad next_pidmap: fix overflow condition 
commit c78193e9c7 upstream.

next_pidmap() just quietly accepted whatever 'last' pid that was passed
in, which is not all that safe when one of the users is /proc.

Admittedly the proc code should do some sanity checking on the range
(and that will be the next commit), but that doesn't mean that the
helper functions should just do that pidmap pointer arithmetic without
checking the range of its arguments.

So clamp 'last' to PID_MAX_LIMIT.  The fact that we then do "last+1"
doesn't really matter, the for-loop does check against the end of the
pidmap array properly (it's only the actual pointer arithmetic overflow
case we need to worry about, and going one bit beyond isn't going to
overflow).

[ Use PID_MAX_LIMIT rather than pid_max as per Eric Biederman ]

Reported-by: Tavis Ormandy <taviso@cmpxchg8b.com>
Analyzed-by: Robert Święcki <robert@swiecki.net>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-04-22 08:44:25 -07:00
..
acpi ACPI: skip checking BM_STS if the BIOS doesn't ask for it 2010-08-02 10:21:24 -07:00
asm-generic dma-mapping: fix dma_sync_single_range_* 2010-05-26 14:29:14 -07:00
crypto
drm drm: fix unsigned vs signed comparison issue in modeset ctl ioctl. 2011-03-07 15:17:52 -08:00
keys RxRPC: Fix v1 keys 2011-03-14 14:29:53 -07:00
linux next_pidmap: fix overflow condition 2011-04-22 08:44:25 -07:00
math-emu math-emu: correct test for downshifting fraction in _FP_FROM_INT() 2010-08-02 10:20:44 -07:00
media V4L/DVB (13019): video: initial support for ADV7180 2009-09-19 00:53:39 -03:00
mtd
net sctp: Fix oops when sending queued ASCONF chunks 2011-03-07 15:17:55 -08:00
pcmcia PM / yenta: Split resume into early and late parts (rev. 4) 2009-11-03 10:54:58 +01:00
rdma trivial: fix typo "to to" in multiple files 2009-09-21 15:14:55 +02:00
rxrpc
scsi ses: Avoid kernel panic when lun 0 is not mapped 2011-04-14 16:53:20 -07:00
sound ASoC: Explicitly say registerless widgets have no register 2011-04-14 16:53:26 -07:00
trace tracing: Fix ftrace_event_call alignment for use with gcc 4.5 2010-05-12 14:57:14 -07:00
video davinci-fb-frame-buffer-driver-for-ti-da8xx-omap-l1xx-v4 2009-09-23 07:39:51 -07:00
xen
Kbuild