linux/block at da99466ac243f15fbba65bd261bfc75ffa1532b6 - linux - Gitea: Git with a cup of tea

IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an email to Administrator. User accounts are meant only to access repo and report issues and/or generate pull requests. This is a purpose-specific Git hosting for BaseALT projects. Thank you for your understanding!

Только зарегистрированные пользователи имеют доступ к сервису! Для получения аккаунта, обратитесь к администратору.

iv/linux

History

Denis Efremov da99466ac2 floppy: fix out-of-bounds read in copy_buffer

This fixes a global out-of-bounds read access in the copy_buffer
function of the floppy driver.

The FDDEFPRM ioctl allows one to set the geometry of a disk.  The sect
and head fields (unsigned int) of the floppy_drive structure are used to
compute the max_sector (int) in the make_raw_rw_request function.  It is
possible to overflow the max_sector.  Next, max_sector is passed to the
copy_buffer function and used in one of the memcpy calls.

An unprivileged user could trigger the bug if the device is accessible,
but requires a floppy disk to be inserted.

The patch adds the check for the .sect * .head multiplication for not
overflowing in the set_geometry function.

The bug was found by syzkaller.

Signed-off-by: Denis Efremov <efremov@ispras.ru>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

2019-07-17 14:45:50 -07:00

..

block: aoe: no need to check return value of debugfs_create functions

2019-06-04 13:38:23 -06:00

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 91

2019-05-24 17:37:53 +02:00

mtip32xx: also set max_segment_size in the device

2019-06-05 13:18:39 -06:00

Linux 5.1-rc6

2019-04-22 09:47:36 -06:00

rsxx: don't call dma_set_max_seg_size

2019-06-05 13:18:39 -06:00

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157

2019-05-30 11:26:37 -07:00

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

amiflop.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

ataflop.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

brd.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

cryptoloop.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 30

2019-05-24 17:27:10 +02:00

floppy.c

floppy: fix out-of-bounds read in copy_buffer

2019-07-17 14:45:50 -07:00

Kconfig

drivers/block: Remove DAC960 driver

2018-10-17 09:42:30 -06:00

loop.c

loop: Don't change loop device under exclusive opener

2019-05-27 07:34:04 -06:00

loop.h

block/loop: Use global lock for ioctl() operation.

2018-11-08 06:30:11 -07:00

Makefile

drivers/block: Remove DAC960 driver

2018-10-17 09:42:30 -06:00

nbd.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 127

2019-05-30 11:25:13 -07:00

null_blk_main.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

null_blk_zoned.c

null_blk: remove duplicate check for report zone

2019-06-13 03:00:30 -06:00

null_blk.h

null_blk: add zoned config support information

2019-01-06 10:58:27 -07:00

pktcdvd.c

block: genhd: remove async_events field

2019-04-12 13:35:22 -06:00

ps3disk.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 164

2019-05-30 11:26:38 -07:00

ps3vram.c

block/ps3vram: Use %llu to format sector_t after LBDAF removal

2019-06-13 03:17:50 -06:00

rbd_types.h

rbd: RBD_V{1,2}_DATA_FORMAT macros

2017-02-20 12:16:15 +01:00

rbd.c

rbd: don't assert on writes to snapshots

2019-05-07 19:43:04 +02:00

skd_main.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 497

2019-06-19 17:09:53 +02:00

skd_s1120.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 497

2019-06-19 17:09:53 +02:00

sunvdc.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

swim3.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

swim_asm.S

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

swim.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152

2019-05-30 11:26:32 -07:00

sx8.c

sx8: use a per-host tag_set

2018-11-09 08:14:14 -07:00

umem.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 349

2019-06-05 17:37:08 +02:00

umem.h

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 348

2019-06-05 17:37:08 +02:00

virtio_blk.c

treewide: Add SPDX license identifier for more missed files

2019-05-21 10:50:45 +02:00

xen-blkfront.c

xen-blkfront: switch kcalloc to kvcalloc for large array allocation

2019-06-03 22:16:19 -04:00

xsysace.c

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500

2019-06-19 17:09:55 +02:00

z2ram.c

powerpc updates for 4.20

2018-10-26 14:36:21 -07:00