[Devel] proc_keys_show: fix for buffer overflow

Submitted by Igor Redko on Oct. 25, 2016, 1:30 p.m.


Message ID 1477402241-843412-1-git-send-email-redkoi@virtuozzo.com
State New
Series "proc_keys_show: fix for buffer overflow"
Headers show

Commit Message

Igor Redko Oct. 25, 2016, 1:30 p.m.
CVE-2016-7042, PSBM-53937
upstream: 3e3a29b99c670aacd894f2717b6cca1eafaeb2e4

It was found that when gcc stack protector is turned on,
proc_keys_show() can cause a panic in the Linux kernel due to
the stack corruption. This happens because xbuf[] is not big
enough to hold a 64-bit timeout value rendered as weeks.
It isn't in upstream for now, but seems to be trivial.

Signed-off-by: Igor Redko <redkoi@virtuozzo.com>
 security/keys/proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/security/keys/proc.c b/security/keys/proc.c
index 88e9a46..350f5f6 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -187,7 +187,7 @@  static int proc_keys_show(struct seq_file *m, void *v)
 	struct timespec now;
 	unsigned long timo;
 	key_ref_t key_ref, skey_ref;
-	char xbuf[12];
+	char xbuf[16];
 	int rc;
 	struct keyring_search_context ctx = {