diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-01-03 03:42:10 +0300 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-01-03 03:42:10 +0300 |
| commit | bf6dd9a58ebaba2608d2aebd2a7a704014121f16 (patch) | |
| tree | 06e3b17d4bb428fadc944e2680a11bd68c086865 /kernel | |
| parent | 278b14eb920322255bf5b831e2bcfc1bf5999036 (diff) | |
| parent | e4ab5ccc357b978999328fadae164e098c26fa40 (diff) | |
| download | linux-bf6dd9a58ebaba2608d2aebd2a7a704014121f16.tar.xz | |
Merge tag 'seccomp-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull seccomp fixes from Kees Cook:
"Fixes for seccomp_notify_ioctl uapi sanity from Sargun Dhillon.
The bulk of this is fixing the surrounding samples and selftests so
that seccomp can correctly validate the seccomp_notify_ioctl buffer as
being initially zeroed.
Summary:
- Fix samples and selftests to zero passed-in buffer
- Enforce zeroed buffer checking
- Verify buffer sanity check in selftest"
* tag 'seccomp-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
seccomp: Check that seccomp_notif is zeroed out by the user
selftests/seccomp: Zero out seccomp_notif
samples/seccomp: Zero out members based on seccomp_notif_sizes
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/seccomp.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 12d2227e5786..b6ea3dcb57bf 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1026,6 +1026,13 @@ static long seccomp_notify_recv(struct seccomp_filter *filter, struct seccomp_notif unotif; ssize_t ret; + /* Verify that we're not given garbage to keep struct extensible. */ + ret = check_zeroed_user(buf, sizeof(unotif)); + if (ret < 0) + return ret; + if (!ret) + return -EINVAL; + memset(&unotif, 0, sizeof(unotif)); ret = down_interruptible(&filter->notif->request); |