redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
Fork of reMarkable kernel https://github.com/reMarkable/linux
713,792 Commits
26 Branches
0 Tags
2.7 GiB
C 97.7%
Assembly 1.6%
Makefile 0.3%
Perl 0.1%
 
 
 
 
Go to file
Eric Biggers d9bb71d76c KEYS: DNS: fix parsing multiple options 
commit c604cb7670 upstream.

My recent fix for dns_resolver_preparse() printing very long strings was
incomplete, as shown by syzbot which still managed to hit the
WARN_ONCE() in set_precision() by adding a crafted "dns_resolver" key:

    precision 50001 too large
    WARNING: CPU: 7 PID: 864 at lib/vsprintf.c:2164 vsnprintf+0x48a/0x5a0

The bug this time isn't just a printing bug, but also a logical error
when multiple options ("#"-separated strings) are given in the key
payload.  Specifically, when separating an option string into name and
value, if there is no value then the name is incorrectly considered to
end at the end of the key payload, rather than the end of the current
option.  This bypasses validation of the option length, and also means
that specifying multiple options is broken -- which presumably has gone
unnoticed as there is currently only one valid option anyway.

A similar problem also applied to option values, as the kstrtoul() when
parsing the "dnserror" option will read past the end of the current
option and into the next option.

Fix these bugs by correctly computing the length of the option name and
by copying the option value, null-terminated, into a temporary buffer.

Reproducer for the WARN_ONCE() that syzbot hit:

    perl -e 'print "#A#", "\0" x 50000' | keyctl padd dns_resolver desc @s

Reproducer for "dnserror" option being parsed incorrectly (expected
behavior is to fail when seeing the unknown option "foo", actual
behavior was to read the dnserror value as "1#foo" and fail there):

    perl -e 'print "#dnserror=1#foo\0"' | keyctl padd dns_resolver desc @s

Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 4a2d789267 ("DNS: If the DNS server returns an error, allow that to be cached [ver #2]")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-07-22 14:28:49 +02:00
Documentation kbuild: delete INSTALL_FW_PATH from kbuild documentation 2018-07-17 11:39:30 +02:00
arch x86/paravirt: Make native_save_fl() extern inline 2018-07-22 14:28:42 +02:00
block block: do not use interruptible wait anywhere 2018-07-22 14:28:48 +02:00
certs License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
crypto crypto: af_alg - Initialize sg_num_bytes in error code path 2018-07-22 14:28:48 +02:00
drivers PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg() 2018-07-22 14:28:48 +02:00
firmware License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fs reiserfs: fix buffer overflow with long warning messages 2018-07-22 14:28:49 +02:00
include net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager 2018-07-22 14:28:44 +02:00
init init: fix false positives in W+X checking 2018-06-21 04:02:57 +09:00
ipc ipc/shm: fix shmat() nil address after round-down when remapping 2018-05-30 07:51:49 +02:00
kernel clocksource: Initialize cs->wd_list 2018-07-22 14:28:48 +02:00
lib lib/vsprintf: Remove atomic-unsafe support for %pCr 2018-07-03 11:24:48 +02:00
mm mm: do not bug_on on incorrect length in __mm_populate() 2018-07-17 11:39:29 +02:00
net KEYS: DNS: fix parsing multiple options 2018-07-22 14:28:49 +02:00
samples samples/bpf: Partially fixes the bpf.o build 2018-04-26 11:02:12 +02:00
scripts Kbuild: fix # escaping in .cmd files for future Make 2018-07-11 16:29:21 +02:00
security selinux: KASAN: slab-out-of-bounds in xattr_getsecurity 2018-06-05 11:41:56 +02:00
sound ALSA: hda - Handle pm failure during hotplug 2018-07-17 11:39:29 +02:00
tools tools build: fix # escaping in .cmd files for future Make 2018-07-17 11:39:30 +02:00
usr initramfs: fix initramfs rebuilds w/ compression after disabling 2017-11-03 07:39:19 -07:00
virt KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr() 2018-06-21 04:02:49 +09:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Add hch to .get_maintainer.ignore 2015-08-21 14:30:10 -07:00
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: rpm-pkg: keep spec file until make mrproper 2018-02-13 10:19:46 +01:00
.mailmap .mailmap: Add Maciej W. Rozycki's Imagination e-mail address 2017-11-10 12:16:15 -08:00
COPYING
CREDITS MAINTAINERS: update TPM driver infrastructure changes 2017-11-09 17:58:40 -08:00
Kbuild License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
MAINTAINERS dt-bindings: Document mti,mips-cpc binding 2018-03-15 10:54:35 +01:00
Makefile Linux 4.14.56 2018-07-17 11:39:34 +02:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

README 

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.