mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 12:57:53 +00:00
Code Issues Releases Wiki Activity
linux-stable/security/tomoyo
History
Tetsuo Handa 3bfe04c127 tomoyo: fix UAF write bug in tomoyo_write_control() 
commit 2f03fc340c upstream.

Since tomoyo_write_control() updates head->write_buf when write()
of long lines is requested, we need to fetch head->write_buf after
head->io_sem is held.  Otherwise, concurrent write() requests can
cause use-after-free-write and double-free problems.

Reported-by: Sam Sun <samsun1006219@gmail.com>
Closes: https://lkml.kernel.org/r/CAEkJfYNDspuGxYx5kym8Lvp--D36CMDUErg4rxfWFJuPbbji8g@mail.gmail.com
Fixes: bd03a3e4c9 ("TOMOYO: Add policy namespace support.")
Cc:  <stable@vger.kernel.org> # Linux 3.1+
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-03-06 14:45:09 +00:00
..
policy
.gitignore
audit.c
common.c tomoyo: fix UAF write bug in tomoyo_write_control() 2024-03-06 14:45:09 +00:00
common.h
condition.c
domain.c
environ.c
file.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
gc.c
group.c
Kconfig
load_policy.c
Makefile tomoyo: fix broken dependency on *.conf.default 2023-02-01 08:34:06 +01:00
memory.c
mount.c
network.c
realpath.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
securityfs_if.c
tomoyo.c lsm: new security_file_ioctl_compat() hook 2024-01-31 16:17:00 -08:00
util.c