Re: [PATCH] firewire: nosy: don't read packets bigger than requested

2018-09-18 Thread Stefan Richter
On Sep 03 Randy Dunlap wrote:
> On 09/03/2018 08:55 AM, Jann Horn wrote:
> > On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
> >> In general, accessing userspace memory beyond the length of the supplied
> >> buffer in VFS read/write handlers can lead to both kernel memory corruption
> >> (via

Re: [PATCH] firewire: nosy: don't read packets bigger than requested

2018-09-03 Thread Randy Dunlap
On 09/03/2018 08:55 AM, Jann Horn wrote:
> On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
>> In general, accessing userspace memory beyond the length of the supplied
>> buffer in VFS read/write handlers can lead to both kernel memory corruption
>> (via kernel_read()/kernel_write(), which can

Re: [PATCH] firewire: nosy: don't read packets bigger than requested

2018-09-03 Thread Jann Horn
On Fri, Jul 6, 2018 at 5:16 PM Jann Horn wrote:
> In general, accessing userspace memory beyond the length of the supplied
> buffer in VFS read/write handlers can lead to both kernel memory corruption
> (via kernel_read()/kernel_write(), which can e.g. be triggered via
> sys_splice()) and

[PATCH] firewire: nosy: don't read packets bigger than requested

2018-07-06 Thread Jann Horn
In general, accessing userspace memory beyond the length of the supplied buffer in VFS read/write handlers can lead to both kernel memory corruption (via kernel_read()/kernel_write(), which can e.g. be triggered via sys_splice()) and privilege escalation inside userspace.

Fixes: 286468210d83
