git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Dan Rosenberg <drosenberg@vsecurity.com>
	Wed, 15 Jun 2011 22:09:01 +0000 (15:09 -0700)
committer	Willy Tarreau <w@1wt.eu>
	Sat, 11 Feb 2012 14:37:38 +0000 (15:37 +0100)
commit	8a46a8fa8a6a6f91a2ed2a9716c33f02fff5ceda
tree	e9b1fdcc09743339ec3d2f22e123455f344dc11e	tree \| snapshot
parent	0ad5c66579b38136f24d0d9fcc932a0ae3f7b175	commit \| diff

alpha: fix several security issues

commit 21c5977a836e399fc710ff2c5367845ed5c2527f upstream.

Fix several security issues in Alpha-specific syscalls. Untested, but
mostly trivial.

1. Signedness issue in osf_getdomainname allows copying out-of-bounds
kernel memory to userland.

2. Signedness issue in osf_sysinfo allows copying large amounts of
kernel memory to userland.

3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy
size, allowing copying large amounts of kernel memory to userland.

4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows
privilege escalation via writing return value of sys_wait4 to kernel
memory.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>