diff options
author | Eric Biggers <ebiggers@google.com> | 2017-09-18 11:36:45 -0700 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2017-09-25 15:19:57 +0100 |
commit | e645016abc803dafc75e4b8f6e4118f088900ffb (patch) | |
tree | 93714c8259d9bb33ae016a8dcf9239e77af00d81 /sound/sh | |
parent | 7fc0786d956d9e59b68d282be9b156179846ea3d (diff) | |
download | linux-e645016abc803dafc75e4b8f6e4118f088900ffb.tar.bz2 |
KEYS: fix writing past end of user-supplied buffer in keyring_read()
Userspace can call keyctl_read() on a keyring to get the list of IDs of
keys in the keyring. But if the user-supplied buffer is too small, the
kernel would write the full list anyway --- which will corrupt whatever
userspace memory happened to be past the end of the buffer. Fix it by
only filling the space that is available.
Fixes: b2a4df200d57 ("KEYS: Expand the capacity of a keyring")
Cc: <stable@vger.kernel.org> [v3.13+]
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'sound/sh')
0 files changed, 0 insertions, 0 deletions