Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d4b0bcf3 authored by David Teigland's avatar David Teigland
Browse files

dlm: check the write size from user 



Return EINVAL from write if the size is larger than
allowed.  Do this before allocating kernel memory for
the bogus size, which could lead to OOM.

Reported-by: default avatarSasha Levin <levinsasha928@gmail.com>
Tested-by: default avatarJana Saout <jana@saout.de>
Signed-off-by: default avatarDavid Teigland <teigland@redhat.com>
parent 6edacf05

fs/dlm/user.c

+4 −4
Original line number Diff line number Diff line
@@ -503,11 +503,11 @@ static ssize_t device_write(struct file *file, const char __user *buf, 
#endif

		return -EINVAL;



#ifdef CONFIG_COMPAT

	if (count > sizeof(struct dlm_write_request32) + DLM_RESNAME_MAXLEN)

#else

	/*

	 * can't compare against COMPAT/dlm_write_request32 because

	 * we don't yet know if is64bit is zero

	 */

	if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN)

#endif

		return -EINVAL;



	kbuf = kzalloc(count + 1, GFP_NOFS);