Eric Biggers e645016abc KEYS: fix writing past end of user-supplied buffer in keyring_read() ... Userspace can call keyctl_read() on a keyring to get the list of IDs of keys in the keyring. But if the user-supplied buffer is too small, the kernel would write the full list anyway --- which will corrupt whatever userspace memory happened to be past the end of the buffer. Fix it by only filling the space that is available. Fixes: b2a4df200d ("KEYS: Expand the capacity of a keyring") Cc: <stable@vger.kernel.org> [v3.13+] Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com>		2017-09-25 15:19:57 +01:00
..
apparmor	apparmor: Refactor to remove bprm_secureexec hook	2017-08-01 12:03:06 -07:00
integrity	Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2017-07-05 11:26:35 -07:00
keys	KEYS: fix writing past end of user-supplied buffer in keyring_read()	2017-09-25 15:19:57 +01:00
loadpin	security: mark LSM hooks as __ro_after_init	2017-03-06 11:00:15 +11:00
selinux	selinux/stable-4.14 PR 20170831	2017-09-12 13:21:00 -07:00
smack	This series has the ultimate goal of providing a sane stack rlimit when	2017-09-07 20:35:29 -07:00
tomoyo	exec: Rename bprm->cred_prepared to called_set_creds	2017-08-01 12:02:48 -07:00
yama	doc: ReSTify Yama.txt	2017-05-18 10:33:04 -06:00
commoncap.c	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace	2017-09-11 18:34:47 -07:00
device_cgroup.c	security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition	2015-09-03 18:13:10 -07:00
inode.c	securityfs: add the ability to support symlinks	2017-06-08 12:51:43 -07:00
Kconfig	include/linux/string.h: add the option of fortified string.h functions	2017-07-12 16:26:03 -07:00
lsm_audit.c	lsm_audit: update my email address	2017-08-17 15:33:39 -04:00
Makefile	LSM: LoadPin for kernel file loading restrictions	2016-04-21 10:47:27 +10:00
min_addr.c
security.c	selinux/stable-4.14 PR 20170831	2017-09-12 13:21:00 -07:00