Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

author: David S. Miller <davem@davemloft.net> 2017-07-20 22:38:43 -0400
committer: David S. Miller <davem@davemloft.net> 2017-07-20 22:38:43 -0400
commit: 7a68ada6ec7d88c68057d3a4c2a517eb94289976 (patch)
tree: 51cd586e74fc92bfbdf382fa1544a235d908b25c /security
parent: 760446f967678e14ee1b6464ee1bb8562f299fa6 (diff)
parent: 96080f697786e0a30006fcbcc5b53f350fcb3e9f (diff)
4 files changed, 15 insertions, 1 deletions
diff --git a/security/Kconfig b/security/Kconfig
index d540bfe73190..e8e449444e65 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -163,6 +163,13 @@ config HARDENED_USERCOPY_PAGESPAN
          been removed. This config is intended to be used only while
          trying to find such users.
+config FORTIFY_SOURCE
+        bool "Harden common str/mem functions against buffer overflows"
+        depends on ARCH_HAS_FORTIFY_SOURCE
+        help
+          Detect overflows of buffers in common string and memory functions
+          where the compiler can determine and validate the buffer sizes.
 config STATIC_USERMODEHELPER
        bool "Force all usermode helper calls through a single binary"
        help
diff --git a/security/keys/compat_dh.c b/security/keys/compat_dh.c
index a6a659b6bcb6..aa6b34cafe5f 100644
--- a/security/keys/compat_dh.c
+++ b/security/keys/compat_dh.c
@@ -33,6 +33,8 @@ long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params,
        kdfcopy.hashname = compat_ptr(compat_kdfcopy.hashname);
        kdfcopy.otherinfo = compat_ptr(compat_kdfcopy.otherinfo);
        kdfcopy.otherinfolen = compat_kdfcopy.otherinfolen;
+        memcpy(kdfcopy.__spare, compat_kdfcopy.__spare,
+               sizeof(kdfcopy.__spare));
        return __keyctl_dh_compute(params, buffer, buflen, &kdfcopy);
 }
diff --git a/security/keys/dh.c b/security/keys/dh.c
index 4755d4b4f945..d1ea9f325f94 100644
--- a/security/keys/dh.c
+++ b/security/keys/dh.c
@@ -266,6 +266,11 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
        if (kdfcopy) {
                char *hashname;
+                if (memchr_inv(kdfcopy->__spare, 0, sizeof(kdfcopy->__spare))) {
+                        ret = -EINVAL;
+                        goto out1;
+                }
                if (buflen > KEYCTL_KDF_MAX_OUTPUT_LEN ||
                    kdfcopy->otherinfolen > KEYCTL_KDF_MAX_OI_LEN) {
                        ret = -EMSGSIZE;
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 91bc6214ae57..1c02c6547038 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -198,7 +198,7 @@ struct request_key_auth {
        void                    *callout_info;
        size_t                  callout_len;
        pid_t                   pid;
-};
+} __randomize_layout;
 extern struct key_type key_type_request_key_auth;
 extern struct key *request_key_auth_new(struct key *target,
author	David S. Miller <davem@davemloft.net>	2017-07-20 22:38:43 -0400
committer	David S. Miller <davem@davemloft.net>	2017-07-20 22:38:43 -0400
commit	7a68ada6ec7d88c68057d3a4c2a517eb94289976 (patch)
tree	51cd586e74fc92bfbdf382fa1544a235d908b25c /security
parent	760446f967678e14ee1b6464ee1bb8562f299fa6 (diff)
parent	96080f697786e0a30006fcbcc5b53f350fcb3e9f (diff)