summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2017-07-21 04:38:43 +0200
committerDavid S. Miller <davem@davemloft.net>2017-07-21 04:38:43 +0200
commit7a68ada6ec7d88c68057d3a4c2a517eb94289976 (patch)
tree51cd586e74fc92bfbdf382fa1544a235d908b25c /security
parentcxgb4: display serial config and vpd versions (diff)
parentMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net (diff)
downloadlinux-7a68ada6ec7d88c68057d3a4c2a517eb94289976.tar.xz
linux-7a68ada6ec7d88c68057d3a4c2a517eb94289976.zip
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Diffstat (limited to 'security')
-rw-r--r--security/Kconfig7
-rw-r--r--security/keys/compat_dh.c2
-rw-r--r--security/keys/dh.c5
-rw-r--r--security/keys/internal.h2
4 files changed, 15 insertions, 1 deletions
diff --git a/security/Kconfig b/security/Kconfig
index d540bfe73190..e8e449444e65 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -163,6 +163,13 @@ config HARDENED_USERCOPY_PAGESPAN
been removed. This config is intended to be used only while
trying to find such users.
+config FORTIFY_SOURCE
+ bool "Harden common str/mem functions against buffer overflows"
+ depends on ARCH_HAS_FORTIFY_SOURCE
+ help
+ Detect overflows of buffers in common string and memory functions
+ where the compiler can determine and validate the buffer sizes.
+
config STATIC_USERMODEHELPER
bool "Force all usermode helper calls through a single binary"
help
diff --git a/security/keys/compat_dh.c b/security/keys/compat_dh.c
index a6a659b6bcb6..aa6b34cafe5f 100644
--- a/security/keys/compat_dh.c
+++ b/security/keys/compat_dh.c
@@ -33,6 +33,8 @@ long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params,
kdfcopy.hashname = compat_ptr(compat_kdfcopy.hashname);
kdfcopy.otherinfo = compat_ptr(compat_kdfcopy.otherinfo);
kdfcopy.otherinfolen = compat_kdfcopy.otherinfolen;
+ memcpy(kdfcopy.__spare, compat_kdfcopy.__spare,
+ sizeof(kdfcopy.__spare));
return __keyctl_dh_compute(params, buffer, buflen, &kdfcopy);
}
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 4755d4b4f945..d1ea9f325f94 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -266,6 +266,11 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
if (kdfcopy) {
char *hashname;
+ if (memchr_inv(kdfcopy->__spare, 0, sizeof(kdfcopy->__spare))) {
+ ret = -EINVAL;
+ goto out1;
+ }
+
if (buflen > KEYCTL_KDF_MAX_OUTPUT_LEN ||
kdfcopy->otherinfolen > KEYCTL_KDF_MAX_OI_LEN) {
ret = -EMSGSIZE;
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 91bc6214ae57..1c02c6547038 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -198,7 +198,7 @@ struct request_key_auth {
void *callout_info;
size_t callout_len;
pid_t pid;
-};
+} __randomize_layout;
extern struct key_type key_type_request_key_auth;
extern struct key *request_key_auth_new(struct key *target,