oss-security - Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 11 Jul 2018 10:15:34 +0800
From: <zrlw@...a.com>
To: "Greg KH" <greg@...ah.com>, "oss-security" <oss-security@...ts.openwall.com>,
Cc: "Solar Designer" <solar@...nwall.com>
Subject: Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook

i think commit be83bbf80682 maybe has a problem: if file_mmap_size_max return 0 (not regular, not block, fmode & FMODE_UNSIGNED_OFFSET == true) , maxsize will be set to -len, correct? 
+static inline bool file_mmap_ok(struct file *file, struct inode *inode,
+               unsigned long pgoff, unsigned long len)
+{
+   u64 maxsize = file_mmap_size_max(file, inode);
+
+   if (maxsize && len > maxsize)
+       return false;
+   maxsize -= len;                                         <==  maxsize = -len when file_mmap_size_max return 0 
+   if (pgoff > maxsize >> PAGE_SHIFT)
+       return false;
+   return true;
+}
+

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.