2017-06-28 15:00:51

by Alexander Potapenko

Subject: [PATCH] sysctl: don't read uninit memory in deprecated_sysctl_warning()

Don't attempt to read the first two elements of name[] unless they
were actually copied from the userspace.

This bug has been detected by KMSAN.

Signed-off-by: Alexander Potapenko <[email protected]>
---
kernel/sysctl_binary.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
index ece4b177052b..38d6ba22a209 100644
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -1346,7 +1346,7 @@ static void deprecated_sysctl_warning(const int *name, int nlen)
* CTL_KERN/KERN_VERSION is used by older glibc and cannot
* ever go away.
*/
- if (name[0] == CTL_KERN && name[1] == KERN_VERSION)
+ if (nlen >= 2 && name[0] == CTL_KERN && name[1] == KERN_VERSION)
return;

if (printk_ratelimit()) {
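Review bot: the `nlen >= 2 &&` guard closes the uninitialised read, but the constraint it relies on (that only the first nlen entries of name[] were copied from userspace and are valid) is stated nowhere in deprecated_sysctl_warning(const int *name, int nlen) itself; consider extending the CTL_KERN/KERN_VERSION comment just above the test with a line such as `* Only nlen entries of name[] are valid, so check the length first.` so the next reader does not reintroduce the unguarded access. Because && short-circuits, name[0] and name[1] are never dereferenced when nlen < 2, and such calls now always fall through to the printk_ratelimit() warning below rather than matching on stack garbage, which is the intended behaviour.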
--
2.13.2.725.g09c95d1e9-goog


2017-06-29 22:32:09

by Andrew Morton

Subject: Re: [PATCH] sysctl: don't read uninit memory in deprecated_sysctl_warning()

On Wed, 28 Jun 2017 17:00:37 +0200 Alexander Potapenko <[email protected]> wrote:

> Don't attempt to read the first two elements of name[] unless they
> were actually copied from the userspace.
>
> This bug has been detected by KMSAN.

Thanks. I already have the identical
http://ozlabs.org/~akpm/mmots/broken-out/sysctl-check-name-array-length-in-deprecated_sysctl_warning.patch