diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2018-10-11 03:29:44 +0200 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2018-10-11 03:34:14 +0200 |
commit | a36700589b85443e28170be59fa11c8a104130a5 (patch) | |
tree | e845a14e4499d6bd3bbab6ac4a1c6b84e2b60f96 /kernel/signal.c | |
parent | signal: Guard against negative signal numbers in copy_siginfo_from_user (diff) | |
download | linux-a36700589b85443e28170be59fa11c8a104130a5.tar.xz linux-a36700589b85443e28170be59fa11c8a104130a5.zip |
signal: Guard against negative signal numbers in copy_siginfo_from_user32
While fixing an out of bounds array access in known_siginfo_layout
reported by the kernel test robot it became apparent that the same bug
exists in siginfo_layout and affects copy_siginfo_from_user32.
The straight forward fix that makes guards against making this mistake
in the future and should keep the code size small is to just take an
unsigned signal number instead of a signed signal number, as I did to
fix known_siginfo_layout.
Cc: stable@vger.kernel.org
Fixes: cc731525f26a ("signal: Remove kernel interal si_code magic")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel/signal.c')
-rw-r--r-- | kernel/signal.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/signal.c b/kernel/signal.c index 5f5bf374512b..4fd431ce4f91 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -2879,7 +2879,7 @@ static bool known_siginfo_layout(unsigned sig, int si_code) return false; } -enum siginfo_layout siginfo_layout(int sig, int si_code) +enum siginfo_layout siginfo_layout(unsigned sig, int si_code) { enum siginfo_layout layout = SIL_KILL; if ((si_code > SI_USER) && (si_code < SI_KERNEL)) { |