FROMLIST: binder: check offset alignment in binder_get_object()

Commit 6d98eb95 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer().

These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder.

It is worth noting this check existed prior to commit 7a67a393 ("binder: add function to copy binder object from buffer"), likely removed due to redundancy at the time.

Fixes: 6d98eb95 ("binder: avoid potential data leakage when copying txn")
Cc: <stable@vger.kernel.org>
Acked-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Bug: 320661088
Link: https://lore.kernel.org/all/20240330190115.1877819-1-cmllamas@google.com/
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: Iaddabaa28de7ba7b7d35dbb639d38ca79dbc5077
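
The pattern the commit message describes, as an added user-space C example (not the kernel patch and not code from this page): once a validating copy helper is replaced by a raw copy, the caller has to check range and alignment of the offset itself. The struct layout, `get_object()` and `try_offset()` are hypothetical names for illustration, and `memcpy()` stands in for `copy_from_user()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical object layout for this example, not the kernel's structs. */
struct obj_hdr { uint32_t type; };
struct obj { struct obj_hdr hdr; uint32_t flags; uint64_t handle; };

/*
 * Copy the object found at `offset` in a transaction buffer of `data_size`
 * bytes. Returns the number of bytes copied, or 0 if the offset is rejected.
 */
size_t get_object(const uint8_t *buf, size_t data_size, size_t offset,
                  struct obj *out)
{
    size_t read_size;

    /* Range check first, so the subtraction below cannot wrap. */
    if (offset > data_size)
        return 0;
    read_size = data_size - offset;
    if (read_size > sizeof(*out))
        read_size = sizeof(*out);

    /* The remaining bytes must hold at least an object header. */
    if (read_size < sizeof(struct obj_hdr))
        return 0;

    /*
     * Explicit alignment check. A raw copy accepts any byte offset, so
     * without this line a misaligned object would be handed to later code
     * that assumes 4-byte aligned offsets.
     */
    if (offset % sizeof(uint32_t) != 0)
        return 0;

    memset(out, 0, sizeof(*out));
    memcpy(out, buf + offset, read_size);
    return read_size;
}

/* Runs get_object() against a constructed, zero-filled 32-byte buffer. */
size_t try_offset(size_t offset)
{
    uint8_t buf[32] = {0};
    struct obj o;

    return get_object(buf, sizeof(buf), offset, &o);
}
```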