diff options
author | David S. Miller <davem@davemloft.net> | 2017-07-21 05:38:43 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-07-21 05:38:43 +0300 |
commit | 7a68ada6ec7d88c68057d3a4c2a517eb94289976 (patch) | |
tree | 51cd586e74fc92bfbdf382fa1544a235d908b25c /security | |
parent | 760446f967678e14ee1b6464ee1bb8562f299fa6 (diff) | |
parent | 96080f697786e0a30006fcbcc5b53f350fcb3e9f (diff) | |
download | linux-7a68ada6ec7d88c68057d3a4c2a517eb94289976.tar.xz |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Diffstat (limited to 'security')
-rw-r--r-- | security/Kconfig | 7 | ||||
-rw-r--r-- | security/keys/compat_dh.c | 2 | ||||
-rw-r--r-- | security/keys/dh.c | 5 | ||||
-rw-r--r-- | security/keys/internal.h | 2 |
4 files changed, 15 insertions, 1 deletions
diff --git a/security/Kconfig b/security/Kconfig index d540bfe73190..e8e449444e65 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -163,6 +163,13 @@ config HARDENED_USERCOPY_PAGESPAN been removed. This config is intended to be used only while trying to find such users. +config FORTIFY_SOURCE + bool "Harden common str/mem functions against buffer overflows" + depends on ARCH_HAS_FORTIFY_SOURCE + help + Detect overflows of buffers in common string and memory functions + where the compiler can determine and validate the buffer sizes. + config STATIC_USERMODEHELPER bool "Force all usermode helper calls through a single binary" help diff --git a/security/keys/compat_dh.c b/security/keys/compat_dh.c index a6a659b6bcb6..aa6b34cafe5f 100644 --- a/security/keys/compat_dh.c +++ b/security/keys/compat_dh.c @@ -33,6 +33,8 @@ long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params, kdfcopy.hashname = compat_ptr(compat_kdfcopy.hashname); kdfcopy.otherinfo = compat_ptr(compat_kdfcopy.otherinfo); kdfcopy.otherinfolen = compat_kdfcopy.otherinfolen; + memcpy(kdfcopy.__spare, compat_kdfcopy.__spare, + sizeof(kdfcopy.__spare)); return __keyctl_dh_compute(params, buffer, buflen, &kdfcopy); } diff --git a/security/keys/dh.c b/security/keys/dh.c index 4755d4b4f945..d1ea9f325f94 100644 --- a/security/keys/dh.c +++ b/security/keys/dh.c @@ -266,6 +266,11 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params, if (kdfcopy) { char *hashname; + if (memchr_inv(kdfcopy->__spare, 0, sizeof(kdfcopy->__spare))) { + ret = -EINVAL; + goto out1; + } + if (buflen > KEYCTL_KDF_MAX_OUTPUT_LEN || kdfcopy->otherinfolen > KEYCTL_KDF_MAX_OI_LEN) { ret = -EMSGSIZE; diff --git a/security/keys/internal.h b/security/keys/internal.h index 91bc6214ae57..1c02c6547038 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -198,7 +198,7 @@ struct request_key_auth { void *callout_info; size_t callout_len; pid_t pid; -}; +} __randomize_layout; extern struct key_type key_type_request_key_auth; extern struct key *request_key_auth_new(struct key *target, |