public inbox for glibc-bugs@sourceware.org help / color / mirror / Atom feed
* [Bug libc/26637] New: semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel @ 2020-09-20 0:41 ldv at sourceware dot org 2020-09-20 20:22 ` [Bug libc/26637] " adhemerval.zanella at linaro dot org ` (3 more replies) 0 siblings, 4 replies; 5+ messages in thread From: ldv at sourceware dot org @ 2020-09-20 0:41 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=26637 Bug ID: 26637 Summary: semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel Product: glibc Version: 2.32 Status: NEW Severity: normal Priority: P2 Component: libc Assignee: unassigned at sourceware dot org Reporter: ldv at sourceware dot org CC: drepper.fsp at gmail dot com Target Milestone: --- Flags: security- The kernel receives garbage instead of union semun.buf address specified by the caller. $ git --no-pager grep -wc SEM_STAT_ANY sysdeps/unix/sysv/linux/semctl.c sysdeps/unix/sysv/linux/semctl.c:2 $ git --no-pager grep -wc SEM_STAT sysdeps/unix/sysv/linux/semctl.c sysdeps/unix/sysv/linux/semctl.c:8 A tentative fix: diff --git a/sysdeps/unix/sysv/linux/semctl.c b/sysdeps/unix/sysv/linux/semctl.c index f131a26fc7..1cdabde8f2 100644 --- a/sysdeps/unix/sysv/linux/semctl.c +++ b/sysdeps/unix/sysv/linux/semctl.c @@ -102,6 +102,7 @@ semun64_to_ksemun64 (int cmd, union semun64 semun64, r.array = semun64.array; break; case SEM_STAT: + case SEM_STAT_ANY: case IPC_STAT: case IPC_SET: r.buf = buf; @@ -150,6 +151,7 @@ __semctl64 (int semid, int semnum, int cmd, ...) case IPC_STAT: /* arg.buf */ case IPC_SET: case SEM_STAT: + case SEM_STAT_ANY: case IPC_INFO: /* arg.__buf */ case SEM_INFO: va_start (ap, cmd); @@ -238,6 +240,7 @@ semun_to_semun64 (int cmd, union semun semun, struct __semid64_ds *semid64) r.array = semun.array; break; case SEM_STAT: + case SEM_STAT_ANY: case IPC_STAT: case IPC_SET: r.buf = semid64; @@ -267,6 +270,7 @@ __semctl (int semid, int semnum, int cmd, ...) case IPC_STAT: /* arg.buf */ case IPC_SET: case SEM_STAT: + case SEM_STAT_ANY: case IPC_INFO: /* arg.__buf */ case SEM_INFO: va_start (ap, cmd); @@ -321,6 +325,7 @@ __semctl_mode16 (int semid, int semnum, int cmd, ...) case IPC_STAT: /* arg.buf */ case IPC_SET: case SEM_STAT: + case SEM_STAT_ANY: case IPC_INFO: /* arg.__buf */ case SEM_INFO: va_start (ap, cmd); @@ -354,6 +359,7 @@ __old_semctl (int semid, int semnum, int cmd, ...) case IPC_STAT: /* arg.buf */ case IPC_SET: case SEM_STAT: + case SEM_STAT_ANY: case IPC_INFO: /* arg.__buf */ case SEM_INFO: va_start (ap, cmd); -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/26637] semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel 2020-09-20 0:41 [Bug libc/26637] New: semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel ldv at sourceware dot org @ 2020-09-20 20:22 ` adhemerval.zanella at linaro dot org 2020-10-02 19:41 ` adhemerval.zanella at linaro dot org ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: adhemerval.zanella at linaro dot org @ 2020-09-20 20:22 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=26637 Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|unassigned at sourceware dot org |adhemerval.zanella at linaro dot o | |rg CC| |adhemerval.zanella at linaro dot o | |rg -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/26637] semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel 2020-09-20 0:41 [Bug libc/26637] New: semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel ldv at sourceware dot org 2020-09-20 20:22 ` [Bug libc/26637] " adhemerval.zanella at linaro dot org @ 2020-10-02 19:41 ` adhemerval.zanella at linaro dot org 2021-01-05 16:52 ` fweimer at redhat dot com 2022-11-10 10:37 ` fweimer at redhat dot com 3 siblings, 0 replies; 5+ messages in thread From: adhemerval.zanella at linaro dot org @ 2020-10-02 19:41 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=26637 Adhemerval Zanella <adhemerval.zanella at linaro dot org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED Target Milestone|--- |2.33 --- Comment #1 from Adhemerval Zanella <adhemerval.zanella at linaro dot org> --- Fixed on 2.33 (574500a108be1d2a6a0dc97a075c9e0a98371aba) -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/26637] semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel 2020-09-20 0:41 [Bug libc/26637] New: semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel ldv at sourceware dot org 2020-09-20 20:22 ` [Bug libc/26637] " adhemerval.zanella at linaro dot org 2020-10-02 19:41 ` adhemerval.zanella at linaro dot org @ 2021-01-05 16:52 ` fweimer at redhat dot com 2022-11-10 10:37 ` fweimer at redhat dot com 3 siblings, 0 replies; 5+ messages in thread From: fweimer at redhat dot com @ 2021-01-05 16:52 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=26637 Florian Weimer <fweimer at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fweimer at redhat dot com See Also| |https://bugzilla.redhat.com | |/show_bug.cgi?id=1912670 -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/26637] semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel 2020-09-20 0:41 [Bug libc/26637] New: semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel ldv at sourceware dot org ` (2 preceding siblings ...) 2021-01-05 16:52 ` fweimer at redhat dot com @ 2022-11-10 10:37 ` fweimer at redhat dot com 3 siblings, 0 replies; 5+ messages in thread From: fweimer at redhat dot com @ 2022-11-10 10:37 UTC (permalink / raw) To: glibc-bugs https://sourceware.org/bugzilla/show_bug.cgi?id=26637 Florian Weimer <fweimer at redhat dot com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://sourceware.org/bugz | |illa/show_bug.cgi?id=29771 -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-11-10 10:37 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-09-20 0:41 [Bug libc/26637] New: semctl SEM_STAT_ANY fails to pass the buffer specified by the caller to the kernel ldv at sourceware dot org 2020-09-20 20:22 ` [Bug libc/26637] " adhemerval.zanella at linaro dot org 2020-10-02 19:41 ` adhemerval.zanella at linaro dot org 2021-01-05 16:52 ` fweimer at redhat dot com 2022-11-10 10:37 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).