Patchwork [quantal,CVE,2/2] use clamp_t in UNAME26 fix

login
register
mail settings
Submitter Luis Henriques
Date Nov. 8, 2012, 10:28 a.m.
Message ID <1352370502-9996-3-git-send-email-luis.henriques@canonical.com>
Download mbox | patch
Permalink /patch/197822/
State New
Headers show

Comments

Luis Henriques - Nov. 8, 2012, 10:28 a.m.
From: Kees Cook <keescook@chromium.org>

BugLink: http://bugs.launchpad.net/bugs/1065622
BugLink: http://bugs.launchpad.net/bugs/1060521

The min/max call needed to have explicit types on some architectures
(e.g. mn10300). Use clamp_t instead to avoid the warning:

  kernel/sys.c: In function 'override_release':
  kernel/sys.c:1287:10: warning: comparison of distinct pointer types lacks a cast [enabled by default]

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

(cherry picked from commit 31fd84b95eb211d5db460a1dda85e004800a7b52)
CVE-2012-0957
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 kernel/sys.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/kernel/sys.c b/kernel/sys.c
index 1b66408..b6fe559 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1284,7 +1284,7 @@  static int override_release(char __user *release, size_t len)
 			rest++;
 		}
 		v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40;
-		copy = min(sizeof(buf), max_t(size_t, 1, len));
+		copy = clamp_t(size_t, len, 1, sizeof(buf));
 		copy = scnprintf(buf, copy, "2.6.%u%s", v, rest);
 		ret = copy_to_user(release, buf, copy + 1);
 	}