From: Yang Yang <[email protected]> Userspace may use syscall with invalid syscall number by calling syscall(syscall_num,..). For example we found openSSH may use syscall with syscall number is -1 in some case. When that happens we better do a quick handle no need to gohead.
Signed-off-by: Yang Yang <[email protected]> Reported-by: Zeal Robot <[email protected]> --- kernel/auditsc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index ea2ee1181921..806cd57d7f20 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2077,7 +2077,8 @@ void __audit_syscall_exit(int success, long return_code) struct audit_context *context = audit_context(); if (!context || context->dummy || - context->context != AUDIT_CTX_SYSCALL) + context->context != AUDIT_CTX_SYSCALL || + unlikely(context->major < 0 || context->major > NR_syscalls)) goto out; /* this may generate CONFIG_CHANGE records */ -- 2.25.1 -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
