Skip to content

GitLab

An error occurred while fetching folder content.
Switch branch/tag
History Find file
Clone
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
Zev Weiss authored 
commit 8cf7630b upstream.

This bug has apparently existed since the introduction of this function
in the pre-git era (4500e91754d3 in Thomas Gleixner's history.git,
"[NET]: Add proc_dointvec_userhz_jiffies, use it for proper handling of
neighbour sysctls.").

As a minimal fix we can simply duplicate the corresponding check in
do_proc_dointvec_conv().

Link: http://lkml.kernel.org/r/20190207123426.9202-3-zev@bewilderbeest.net

Signed-off-by: default avatarZev Weiss <zev@bewilderbeest.net>
Cc: Brendan Higgins <brendanhiggins@google.com>
Cc: Iurii Zaikin <yzaikin@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: <stable@vger.kernel.org>	[2.6.2+]
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
0c6ea710
Name Last commit Last update
..
bpf bpf: fix references to free_bpf_prog_info() in comments
configs kconfig: tinyconfig: provide whole choice blocks to avoid warnings
debug kdb: use memmove instead of overlapping memcpy
events perf/core: Fix impossible ring-buffer sizes warning
gcov gcov: disable for COMPILE_TEST
irq Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs"
locking locking/lockdep: Fix debug_locks off performance problem
power PM / hibernate: Fix oops at snapshot_write()
printk printk: Fix panic caused by passing log_buf_len to command line
rcu rcu: Clear need_qs flag to prevent splat
sched sched/fair: Fix throttle_list starvation with low CFS quota
time timekeeping: Use proper seqcount initializer
trace tracing/uprobes: Fix output for multiple string arguments
.gitignore Ignore generated file kernel/x509_certificate_list
Kconfig.freezer container freezer: implement freezer cgroup subsystem
Kconfig.hz kernel: remove CONFIG_USE_GENERIC_SMP_HELPERS
Kconfig.locks locking/rwsem: Add CONFIG_RWSEM_SPIN_ON_OWNER
Kconfig.preempt locking/kconfig: Simplify INLINE_SPIN_UNLOCK usage
Makefile bpf: split eBPF out of NET
acct.c kernel/acct.c: fix the acct->needcheck check in check_free_space()
async.c kernel/async.c: revert "async: simplify lowest_in_progress()"
audit.c audit: return on memory error to avoid null pointer dereference
audit.h audit: reduce scope of audit_log_fcaps
audit_tree.c audit: keep inode pinned
audit_watch.c audit: fix use-after-free in audit_add_watch
auditfilter.c
auditsc.c
backtracetest.c
bounds.c
capability.c
cgroup.c
cgroup_freezer.c
compat.c
configs.c
context_tracking.c
cpu.c
cpu_pm.c
cpuset.c
crash_dump.c
cred.c
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c
extable.c
fork.c
freezer.c
futex.c
futex_compat.c
groups.c
hung_task.c
irq_work.c
jump_label.c
kallsyms.c
kcmp.c
kexec.c
kmod.c
kprobes.c
ksysfs.c
kthread.c
latencytop.c
module-internal.h
module.c
module_signing.c
notifier.c
nsproxy.c
padata.c
panic.c
params.c
pid.c
pid_namespace.c
profile.c
ptrace.c
range.c
reboot.c
relay.c
res_counter.c
resource.c
seccomp.c
signal.c
smp.c
smpboot.c
smpboot.h
softirq.c
stacktrace.c
stop_machine.c
sys.c
sys_ni.c
sysctl.c
sysctl_binary.c
system_certificates.S
system_keyring.c
task_work.c
taskstats.c
test_kprobes.c
torture.c
tracepoint.c
tsacct.c
uid16.c