Re: NGROUPS 2.6.2rc2

On Tue, 27 Jan 2004, Tim Hockin wrote:
> On Tue, Jan 27, 2004 at 04:46:15PM -0800, Andrew Morton wrote:
> > +
> > +	if (info->ngroups > TASK_SIZE/sizeof(group))
> > +		return -EFAULT;
> > +	if (!access_ok(VERIFY_WRITE, grouplist, info->ngroups * sizeof(group)))
> > +		return -EFAULT;
> > 
> > Why are many functions playing with TASK_SIZE?
> 
> Not sure - I thought it was maybe a paranoid check, Rusty included it in his
> version of a similar patch a while ago.

Yes, a necessary paranoid check: without it, info->ngroups * sizeof(group)
can easily wrap to something small, and access_ok pass when it should fail.

Hugh

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo _at_ vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:

Re: NGROUPS 2.6.2rc2Hugh Dickins

References:

Re: NGROUPS 2.6.2rc2Tim Hockin

Prev by Date: Re: BitKeeper repo for KGDB
Next by Date: Re: [PATCH 4/8] autofs4-2.6 - to support autofs 4.1.x
Previous by thread: Re: NGROUPS 2.6.2rc2
Next by thread: Re: NGROUPS 2.6.2rc2
Indexes:[Main][Thread]