Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ba8379b2 authored by Chris Wright's avatar Chris Wright Committed by Linus Torvalds
Browse files

[PATCH] bridge: fix possible overflow in get_fdb_entries



Make sure to properly clamp maxnum to avoid overflow

Signed-off-by: default avatarChris Wright <chrisw@sous-sol.org>
Acked-by: default avatarEugene Teo <eteo@redhat.com>
Acked-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 24d7bb33
Loading
Loading
Loading
Loading
+5 −4
Original line number Diff line number Diff line
@@ -58,12 +58,13 @@ static int get_fdb_entries(struct net_bridge *br, void __user *userbuf,
{
	int num;
	void *buf;
	size_t size = maxnum * sizeof(struct __fdb_entry);
	size_t size;

	if (size > PAGE_SIZE) {
		size = PAGE_SIZE;
	/* Clamp size to PAGE_SIZE, test maxnum to avoid overflow */
	if (maxnum > PAGE_SIZE/sizeof(struct __fdb_entry))
		maxnum = PAGE_SIZE/sizeof(struct __fdb_entry);
	}

	size = maxnum * sizeof(struct __fdb_entry);

	buf = kmalloc(size, GFP_USER);
	if (!buf)