[Devel] [PATCH] proc_keys_show: fix for buffer overflow
Igor Redko
redkoi at virtuozzo.com
Tue Oct 25 06:30:41 PDT 2016
CVE-2016-7042, PSBM-53937
upstream: 3e3a29b99c670aacd894f2717b6cca1eafaeb2e4
It was found that when gcc stack protector is turned on,
proc_keys_show() can cause a panic in the Linux kernel due to
the stack corruption. This happens because xbuf[] is not big
enough to hold a 64-bit timeout value rendered as weeks.
---
It isn't in upstream for now, but seems to be trivial.
Signed-off-by: Igor Redko <redkoi at virtuozzo.com>
---
security/keys/proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 88e9a46..350f5f6 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -187,7 +187,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
struct timespec now;
unsigned long timo;
key_ref_t key_ref, skey_ref;
- char xbuf[12];
+ char xbuf[16];
int rc;
struct keyring_search_context ctx = {
--
1.8.3.1
More information about the Devel
mailing list