fix infoleak in waitid(2)
kernel_waitid() can return a PID, an error or 0. rusage is filled in the first case and waitid(2) rusage should've been copied out exactly in that case, *not* whenever kernel_waitid() has not returned an error. Compat variant shares that braino; none of kernel_wait4() callers do, so the below ought to fix it.

Reported-and-tested-by: Alexander Potapenko <email@example.com>
Fixes: ce72a16 ("wait4(2)/waitid(2): separate copying rusage to userland")
Cc: firstname.lastname@example.org # v4.13
Signed-off-by: Al Viro <email@example.com>
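The copy-out condition described in the commit message, as an added userspace model that is not the kernel's code or part of this commit. All names (`model_wait`, `waitid_model`, `leaked`, `STALE`) are hypothetical, and the `0x5A` fill is an assumption standing in for leftover kernel stack contents.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only: every name below is hypothetical, not kernel code. */
#define STALE 0x5A                       /* stands in for leftover stack bytes */
struct model_rusage { long utime, stime; };

/* Models kernel_waitid(): >0 is a PID and *ru is filled; 0 (nothing reaped)
 * and negative errors leave *ru untouched. */
static long model_wait(int scenario, struct model_rusage *ru)
{
    if (scenario > 0) {
        ru->utime = 11;                  /* constructed sample values */
        ru->stime = 22;
        return 1234;                     /* constructed PID */
    }
    return scenario;
}

/* fixed == 0: copy out whenever no error came back (the reported behaviour).
 * fixed == 1: copy out only when a PID came back (the corrected condition). */
static long waitid_model(int fixed, int scenario, struct model_rusage *user_ru)
{
    struct model_rusage r;
    memset(&r, STALE, sizeof(r));        /* simulate an uninitialised local */
    long ret = model_wait(scenario, &r);
    if (ret < 0)
        return ret;
    if (!fixed || ret > 0)               /* !fixed also copies when ret == 0 */
        memcpy(user_ru, &r, sizeof(r));
    return 0;
}

/* Returns 1 if any stale marker byte reached the caller's buffer. */
static int leaked(const struct model_rusage *u)
{
    const unsigned char *p = (const unsigned char *)u;
    for (size_t i = 0; i < sizeof(*u); i++)
        if (p[i] == STALE) return 1;
    return 0;
}

int main(void)
{
    struct model_rusage u = {0, 0};
    waitid_model(0, 0, &u);
    printf("pre-fix,  nothing reaped: leaked=%d\n", leaked(&u));
    memset(&u, 0, sizeof(u));
    waitid_model(1, 0, &u);
    printf("post-fix, nothing reaped: leaked=%d\n", leaked(&u));
    return 0;
}
```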