mirror of
https://github.com/torvalds/linux.git
synced 2024-11-22 12:11:40 +00:00
capabilities: simplify bound checks for copy_from_user()
The capabilities syscall has a copy_from_user() call where gcc currently cannot prove to itself that the copy is always within bounds. This patch adds a very explicity bound check to prove to gcc that this copy_from_user cannot overflow its destination buffer. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
a27ab9f26b
commit
825332e4ff
@ -238,7 +238,7 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
|
||||
SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
|
||||
{
|
||||
struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
|
||||
unsigned i, tocopy;
|
||||
unsigned i, tocopy, copybytes;
|
||||
kernel_cap_t inheritable, permitted, effective;
|
||||
struct cred *new;
|
||||
int ret;
|
||||
@ -255,8 +255,11 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
|
||||
if (pid != 0 && pid != task_pid_vnr(current))
|
||||
return -EPERM;
|
||||
|
||||
if (copy_from_user(&kdata, data,
|
||||
tocopy * sizeof(struct __user_cap_data_struct)))
|
||||
copybytes = tocopy * sizeof(struct __user_cap_data_struct);
|
||||
if (copybytes > sizeof(kdata))
|
||||
return -EFAULT;
|
||||
|
||||
if (copy_from_user(&kdata, data, copybytes))
|
||||
return -EFAULT;
|
||||
|
||||
for (i = 0; i < tocopy; i++) {
|
||||
|
Loading…
Reference in New Issue
Block a user