diff options
author | Eric Biggers <ebiggers@google.com> | 2017-09-18 11:36:45 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-10-05 09:41:45 +0200 |
commit | af24e9d8ba1a323cd13c4c962a74d0f2c48abd75 (patch) | |
tree | 86d0a35eb34dd0dcae30ef3cdd97aa159724ef81 /Documentation/unicode.txt | |
parent | 362711d59b0c854431ba7e5a645ee8f65e75b459 (diff) |
KEYS: fix writing past end of user-supplied buffer in keyring_read()
commit e645016abc803dafc75e4b8f6e4118f088900ffb upstream.
Userspace can call keyctl_read() on a keyring to get the list of IDs of
keys in the keyring. But if the user-supplied buffer is too small, the
kernel would write the full list anyway --- which will corrupt whatever
userspace memory happened to be past the end of the buffer. Fix it by
only filling the space that is available.
Fixes: b2a4df200d57 ("KEYS: Expand the capacity of a keyring")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'Documentation/unicode.txt')
0 files changed, 0 insertions, 0 deletions