Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c4d1fcf3 authored by Andi Kleen's avatar Andi Kleen Committed by Linus Torvalds
Browse files

[PATCH] x86_64: Don't allow accesses below register frame in ptrace 



There was a "off by one quad word" error in there.  I don't think it is
exploitable because it will only store into a unused area, but better to plug
it.

Found and fixed by John Blackwood

Signed-off-by: default avatarAndi Kleen <ak@suse.de>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent b41e2939

arch/x86_64/kernel/ptrace.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -380,7 +380,7 @@ asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data 
			break;

			break;





		switch (addr) { 

		switch (addr) { 

		case 0 ... sizeof(struct user_regs_struct):

		case 0 ... sizeof(struct user_regs_struct) - sizeof(long):

			tmp = getreg(child, addr);

			tmp = getreg(child, addr);

			break;

			break;

		case offsetof(struct user, u_debugreg[0]):

		case offsetof(struct user, u_debugreg[0]):
@@ -425,7 +425,7 @@ asmlinkage long sys_ptrace(long request, long pid, unsigned long addr, long data 
			break;

			break;





		switch (addr) { 

		switch (addr) { 

		case 0 ... sizeof(struct user_regs_struct): 

		case 0 ... sizeof(struct user_regs_struct) - sizeof(long):

			ret = putreg(child, addr, data);

			ret = putreg(child, addr, data);

			break;

			break;

		/* Disallows to set a breakpoint into the vsyscall */

		/* Disallows to set a breakpoint into the vsyscall */