Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 47e8bd19 authored by Eric Biggers's avatar Eric Biggers Committed by Greg Kroah-Hartman
Browse files

KEYS: fix writing past end of user-supplied buffer in keyring_read() 



commit e645016abc803dafc75e4b8f6e4118f088900ffb upstream.

Userspace can call keyctl_read() on a keyring to get the list of IDs of
keys in the keyring.  But if the user-supplied buffer is too small, the
kernel would write the full list anyway --- which will corrupt whatever
userspace memory happened to be past the end of the buffer.  Fix it by
only filling the space that is available.

Fixes: b2a4df20 ("KEYS: Expand the capacity of a keyring")
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 0c70fb88
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment