summaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2020-01-03 03:42:10 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2020-01-03 03:42:10 +0300
commitbf6dd9a58ebaba2608d2aebd2a7a704014121f16 (patch)
tree06e3b17d4bb428fadc944e2680a11bd68c086865 /kernel
parent278b14eb920322255bf5b831e2bcfc1bf5999036 (diff)
parente4ab5ccc357b978999328fadae164e098c26fa40 (diff)
downloadlinux-bf6dd9a58ebaba2608d2aebd2a7a704014121f16.tar.xz
Merge tag 'seccomp-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull seccomp fixes from Kees Cook: "Fixes for seccomp_notify_ioctl uapi sanity from Sargun Dhillon. The bulk of this is fixing the surrounding samples and selftests so that seccomp can correctly validate the seccomp_notify_ioctl buffer as being initially zeroed. Summary: - Fix samples and selftests to zero passed-in buffer - Enforce zeroed buffer checking - Verify buffer sanity check in selftest" * tag 'seccomp-v5.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV seccomp: Check that seccomp_notif is zeroed out by the user selftests/seccomp: Zero out seccomp_notif samples/seccomp: Zero out members based on seccomp_notif_sizes
Diffstat (limited to 'kernel')
-rw-r--r--kernel/seccomp.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 12d2227e5786..b6ea3dcb57bf 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -1026,6 +1026,13 @@ static long seccomp_notify_recv(struct seccomp_filter *filter,
struct seccomp_notif unotif;
ssize_t ret;
+ /* Verify that we're not given garbage to keep struct extensible. */
+ ret = check_zeroed_user(buf, sizeof(unotif));
+ if (ret < 0)
+ return ret;
+ if (!ret)
+ return -EINVAL;
+
memset(&unotif, 0, sizeof(unotif));
ret = down_interruptible(&filter->notif->request);