• Subash Abhinov Kasiviswanathan's avatar
    sysctl: handle error writing UINT_MAX to u32 fields · f4cea51e
    Subash Abhinov Kasiviswanathan authored
    commit e7d316a0 upstream.
    
    We have scripts which write to certain fields on 3.18 kernels but this
    seems to be failing on 4.4 kernels.  An entry which we write to here is
    xfrm_aevent_rseqth which is u32.
    
      echo 4294967295  > /proc/sys/net/core/xfrm_aevent_rseqth
    
    Commit 230633d1 ("kernel/sysctl.c: detect overflows when converting
    to int") prevented writing to sysctl entries when integer overflow
    occurs.  However, this does not apply to unsigned integers.
    
    Heinrich suggested that we introduce a new option to handle 64 bit
    limits and set min as 0 and max as UINT_MAX.  This might not work as it
    leads to issues similar to __do_proc_doulongvec_minmax.  Alternatively,
    we would need to change the datatype of the entry to 64 bit.
    
      static int __do_proc_doulongvec_minmax(void *data, struct ctl_table
      {
          i = (unsigned long *) data;   //This cast is causing to read beyond the size of data (u32)
          vleft = table->maxlen / sizeof(unsigned long); //vleft is 0 because maxlen is sizeof(u32) which is lesser than sizeof(unsigned long) on x86_64.
    
    Introduce a new proc handler proc_douintvec.  Individual proc entries
    will need to be updated to use the new handler.
    
    [akpm@linux-foundation.org: coding-style fixes]
    Fixes: 230633d1 ("kernel/sysctl.c:detect overflows when converting to int")
    Link: http://lkml.kernel.org/r/1471479806-5252-1-git-send-email-subashab@codeaurora.orgSigned-off-by: default avatarSubash Abhinov Kasiviswanathan <subashab@codeaurora.org>
    Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: "David S. Miller" <davem@davemloft.net>
    Cc: Ingo Molnar <mingo@redhat.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    f4cea51e
sysctl.c 67.1 KB