Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Jul 2018 10:15:34 +0800
From: <zrlw@...a.com>
To: "Greg KH" <greg@...ah.com>, "oss-security" <oss-security@...ts.openwall.com>,
Cc: "Solar Designer" <solar@...nwall.com>
Subject: Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook

i think commit be83bbf80682 maybe has a problem: if file_mmap_size_max return 0 (not regular, not block, fmode & FMODE_UNSIGNED_OFFSET == true) , maxsize will be set to -len, correct? 
+static inline bool file_mmap_ok(struct file *file, struct inode *inode,
+               unsigned long pgoff, unsigned long len)
+{
+   u64 maxsize = file_mmap_size_max(file, inode);
+
+   if (maxsize && len > maxsize)
+       return false;
+   maxsize -= len;                                         <==  maxsize = -len when file_mmap_size_max return 0 
+   if (pgoff > maxsize >> PAGE_SHIFT)
+       return false;
+   return true;
+}
+

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ