]> git.karo-electronics.de Git - karo-tx-linux.git/commit
kernel/sys.c: fix stack memory content leak via UNAME26
authorKees Cook <keescook@chromium.org>
Fri, 12 Oct 2012 04:22:43 +0000 (15:22 +1100)
committerStephen Rothwell <sfr@canb.auug.org.au>
Tue, 16 Oct 2012 02:47:54 +0000 (13:47 +1100)
commit14c4d613c3d2e1aeac297de1deef61c88d7d6b74
tree98b098268d42ab114ced56ca39a70b1faaaf6823
parentd95cd749e6e9485b2d32eb0586c83b0ff8679f31
kernel/sys.c: fix stack memory content leak via UNAME26

Calling uname() with the UNAME26 personality set allows a leak of kernel
stack contents.  This fixes it by defensively calculating the length of
copy_to_user() call, making the len argument unsigned, and initializing
the stack buffer to zero (now technically unneeded, but hey, overkill).

CVE-2012-0957

Reported-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: PaX Team <pageexec@freemail.hu>
Cc: Brad Spengler <spender@grsecurity.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
kernel/sys.c