Re: drivers/s390/char/keyboard.c kernel stack infoleak

From: Thomas Huth
Date: Sat Aug 05 2017 - 03:12:46 EST


On 05.08.2017 03:57, sohu0106 wrote:
> My idea is
>
> struct kbdiacr {
> unsigned char diacr, base, result;
> };
>
> sizeof(struct kbdiacr)=4
>
> here we just set 3 bytes
> 	case KDGKBDIACR:
> 	{
> 		struct kbdiacrs __user *a = argp;
> 		struct kbdiacr diacr;
> 		int i;
>
> 		if (put_user(kbd->accent_table_size, &a->kb_cnt))
> 			return -EFAULT;
> 		for (i = 0; i < kbd->accent_table_size; i++) {
> 			diacr.diacr = kbd->accent_table[i].diacr;
> 			diacr.base = kbd->accent_table[i].base;
> 			diacr.result = kbd->accent_table[i].result;
> 			if (copy_to_user(a->kbdiacr + i, &diacr, sizeof(struct kbdiacr)))
> Is there anything I haven't noticed?

Yes: sizeof(struct kbdiacr) is 3 here.

Thomas
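As an added illustration of the point made in this exchange (not code from the kernel or from either poster): the report assumed one byte of alignment padding in struct kbdiacr, but three unsigned chars need no padding, so a whole-struct copy hands userspace exactly the three bytes that were assigned. The constructed struct padded_example, with a uint32_t after the char, is the kind of layout where padding does exist and must be zeroed before the struct is copied out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The struct from the report: three unsigned chars, no alignment
 * padding, so sizeof is 3 and a whole-struct copy leaks nothing. */
struct kbdiacr {
	unsigned char diacr, base, result;
};

/* Constructed counter-example (not from the kernel): the uint32_t
 * forces three bytes of alignment padding after the first char. */
struct padded_example {
	unsigned char tag;
	uint32_t value;
};

/* Bytes of a struct that belong to no member, i.e. the padding a
 * whole-struct copy would also expose if it were never initialised. */
static size_t padding_bytes(size_t struct_size, size_t member_total)
{
	return struct_size - member_total;
}

static size_t kbdiacr_padding(void)
{
	return padding_bytes(sizeof(struct kbdiacr), 3 * sizeof(unsigned char));
}

static size_t padded_example_padding(void)
{
	return padding_bytes(sizeof(struct padded_example),
			     sizeof(unsigned char) + sizeof(uint32_t));
}

/* Defensive pattern for structs that do carry padding: zero the whole
 * object before filling members so every byte copied out is known. */
static void fill_padded(struct padded_example *out, unsigned char tag,
			uint32_t value)
{
	memset(out, 0, sizeof(*out));
	out->tag = tag;
	out->value = value;
}

/* Returns 1 if the padding between tag and value is all zero. */
static int padding_is_zeroed(const struct padded_example *p)
{
	const unsigned char *raw = (const unsigned char *)p;
	size_t i;

	for (i = sizeof(p->tag); i < offsetof(struct padded_example, value); i++)
		if (raw[i] != 0)
			return 0;
	return 1;
}
```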