capabilities: simplify bound checks for copy_from_user() The capabilities syscall has a copy_from_user() call where gcc currently cannot prove to itself that the copy is always within bounds. This patch adds a very explicity bound check to prove to gcc that this copy_from_user cannot overflow its destination buffer. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: James Morris <jmorris@namei.org>

commit: 825332e4ff1373c55d931b49408df7ec2298f71e [log] [tgz]
author: Arjan van de Ven <arjan@infradead.org> Wed Oct 14 08:17:36 2009 +1100
committer: James Morris <jmorris@namei.org> Wed Oct 14 08:17:36 2009 +1100
tree: f489a311e576eb1b45ff62cbc0cccbe3bea2baeb
parent: a27ab9f26b729326778271c1efd895aef4fda1c4 [diff] [blame]
diff --git a/kernel/capability.c b/kernel/capability.c
index 4e17041..c2316d3 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c

@@ -238,7 +238,7 @@
 SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data)
 {
 	struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
-	unsigned i, tocopy;
+	unsigned i, tocopy, copybytes;
 	kernel_cap_t inheritable, permitted, effective;
 	struct cred *new;
 	int ret;
@@ -255,8 +255,11 @@
 	if (pid != 0 && pid != task_pid_vnr(current))
 		return -EPERM;
 
-	if (copy_from_user(&kdata, data,
-			   tocopy * sizeof(struct __user_cap_data_struct)))
+	copybytes = tocopy * sizeof(struct __user_cap_data_struct);
+	if (copybytes > sizeof(kdata))
+		return -EFAULT;
+
+	if (copy_from_user(&kdata, data, copybytes))
 		return -EFAULT;
 
 	for (i = 0; i < tocopy; i++) {
commit	825332e4ff1373c55d931b49408df7ec2298f71e	[log] [tgz]
author	Arjan van de Ven <arjan@infradead.org>	Wed Oct 14 08:17:36 2009 +1100
committer	James Morris <jmorris@namei.org>	Wed Oct 14 08:17:36 2009 +1100
tree	f489a311e576eb1b45ff62cbc0cccbe3bea2baeb
parent	a27ab9f26b729326778271c1efd895aef4fda1c4 [diff] [blame]