Tree - kernel/kernel-source - Pagure for openSUSE

kernel / kernel-source

Source
Stats

Files

Blob Blame History Raw

From: George Kennedy <george.kennedy@oracle.com>
Date: Mon, 27 Feb 2023 15:21:41 -0500
Subject: vc_screen: modify vcs_size() handling in vcs_read()
Git-commit: 46d733d0efc79bc8430d63b57ab88011806d5180
Patch-mainline: 6.3-rc1
References: bsc#1213167 CVE-2023-3567

Restore the vcs_size() handling in vcs_read() to what
it had been in previous version.

Fixes: 226fae124b2d ("vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF")
Suggested-by: Jiri Slaby <jirislaby@kernel.org>
Signed-off-by: George Kennedy <george.kennedy@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/tty/vt/vc_screen.c |    4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/drivers/tty/vt/vc_screen.c
+++ b/drivers/tty/vt/vc_screen.c
@@ -244,10 +244,8 @@ vcs_read(struct file *file, char __user
 		 */
 		size = vcs_size(inode);
 		if (size < 0) {
-			if (read)
-				break;
 			ret = size;
-			goto unlock_out;
+			break;
 		}
 		if (pos >= size)
 			break;

kernel / kernel-source

Source Code

Files