diff options
author | Arjan van de Ven <arjan@infradead.org> | 2009-10-14 08:17:36 +1100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-10-14 08:17:36 +1100 |
commit | 825332e4ff1373c55d931b49408df7ec2298f71e (patch) | |
tree | f489a311e576eb1b45ff62cbc0cccbe3bea2baeb /kernel/capability.c | |
parent | a27ab9f26b729326778271c1efd895aef4fda1c4 (diff) |
capabilities: simplify bound checks for copy_from_user()
The capabilities syscall has a copy_from_user() call where gcc currently
cannot prove to itself that the copy is always within bounds.
This patch adds a very explicity bound check to prove to gcc that this
copy_from_user cannot overflow its destination buffer.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/capability.c')
-rw-r--r-- | kernel/capability.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index 4e17041963f5..c2316d3fa094 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -238,7 +238,7 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data) { struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; - unsigned i, tocopy; + unsigned i, tocopy, copybytes; kernel_cap_t inheritable, permitted, effective; struct cred *new; int ret; @@ -255,8 +255,11 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data) if (pid != 0 && pid != task_pid_vnr(current)) return -EPERM; - if (copy_from_user(&kdata, data, - tocopy * sizeof(struct __user_cap_data_struct))) + copybytes = tocopy * sizeof(struct __user_cap_data_struct); + if (copybytes > sizeof(kdata)) + return -EFAULT; + + if (copy_from_user(&kdata, data, copybytes)) return -EFAULT; for (i = 0; i < tocopy; i++) { |