[PATCH 2/3] sysctl: detect overflows in proc_get_long

From: Heinrich Schuchardt
Date: Sun Mar 29 2015 - 15:30:00 EST

Next message: David Miller: "Re: [PATCH v3] net: sysctl for RA default route MTU"
Previous message: Heinrich Schuchardt: "[PATCH 1/3] lib/kstrtox.c: functions returning end of string"
In reply to: Heinrich Schuchardt: "[PATCH 1/3] lib/kstrtox.c: functions returning end of string"
Next in thread: Alexey Dobriyan: "Re: [PATCH 0/3] sysctl: detect overflows when setting integers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When converting strings to unsigned long overflows may occur.
These currently are not detected.

E.g. on a 32bit system
echo 0x800001234 > /proc/sys/kernel/threads-max
has the same effect as
echo 0x1234 > /proc/sys/kernel/threads-max

The patch replaces the call to deprecated simple_strtoul by a call
to kstrtoul_e.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@xxxxxx>
---
kernel/sysctl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 88ea2d6..4d9d139 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1884,7 +1884,8 @@ static int proc_get_long(char **buf, size_t *size,
if (!isdigit(*p))
return -EINVAL;

- *val = simple_strtoul(p, &p, 0);
+ if (kstrtoul_e(p, &p, 0, val) < 0)
+ return -EINVAL;

len = p - tmp;

--
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Miller: "Re: [PATCH v3] net: sysctl for RA default route MTU"
Previous message: Heinrich Schuchardt: "[PATCH 1/3] lib/kstrtox.c: functions returning end of string"
In reply to: Heinrich Schuchardt: "[PATCH 1/3] lib/kstrtox.c: functions returning end of string"
Next in thread: Alexey Dobriyan: "Re: [PATCH 0/3] sysctl: detect overflows when setting integers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]