From: Christian Brauner christian@brauner.io
commit 7f2923c4f73f21cfd714d12a2d48de8c21f11cfe upstream.
proc_get_long() is a funny function. It uses simple_strtoul() and for a good reason. proc_get_long() wants to always succeed the parse and return the maybe incorrect value and the trailing characters to check against a pre-defined list of acceptable trailing values. However, simple_strtoul() explicitly ignores overflows which can cause funny things like the following to happen:
echo 18446744073709551616 > /proc/sys/fs/file-max cat /proc/sys/fs/file-max 0
(Which will cause your system to silently die behind your back.)
On the other hand kstrtoul() does do overflow detection but does not return the trailing characters, and also fails the parse when anything other than '\n' is a trailing character whereas proc_get_long() wants to be more lenient.
Now, before adding another kstrtoul() function let's simply add a static parse strtoul_lenient() which: - fails on overflow with -ERANGE - returns the trailing characters to the caller
The reason why we should fail on ERANGE is that we already do a partial fail on overflow right now. Namely, when the TMPBUFLEN is exceeded. So we already reject values such as 184467440737095516160 (21 chars) but accept values such as 18446744073709551616 (20 chars) but both are overflows. So we should just always reject 64bit overflows and not special-case this based on the number of chars.
Link: http://lkml.kernel.org/r/20190107222700.15954-2-christian@brauner.io Signed-off-by: Christian Brauner christian@brauner.io Acked-by: Kees Cook keescook@chromium.org Cc: "Eric W. Biederman" ebiederm@xmission.com Cc: Luis Chamberlain mcgrof@kernel.org Cc: Joe Lawrence joe.lawrence@redhat.com Cc: Waiman Long longman@redhat.com Cc: Dominik Brodowski linux@dominikbrodowski.net Cc: Al Viro viro@zeniv.linux.org.uk Cc: Alexey Dobriyan adobriyan@gmail.com Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Cc: Joerg Vehlow lkml@jv-coder.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- kernel/sysctl.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index dd01fd0e121f8..12eb6c769afcc 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -71,6 +71,8 @@
#include "../lib/kstrtox.h"
+#include "../lib/kstrtox.h" + #include <linux/uaccess.h> #include <asm/processor.h>