forked from luck/tmp_suning_uos_patched
dlm: check the write size from user
Return EINVAL from write if the size is larger than allowed. Do this before allocating kernel memory for the bogus size, which could lead to OOM. Reported-by: Sasha Levin <levinsasha928@gmail.com> Tested-by: Jana Saout <jana@saout.de> Signed-off-by: David Teigland <teigland@redhat.com>
This commit is contained in:
parent
6edacf05c8
commit
d4b0bcf32b
|
@ -503,11 +503,11 @@ static ssize_t device_write(struct file *file, const char __user *buf,
|
||||||
#endif
|
#endif
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
#ifdef CONFIG_COMPAT
|
/*
|
||||||
if (count > sizeof(struct dlm_write_request32) + DLM_RESNAME_MAXLEN)
|
* can't compare against COMPAT/dlm_write_request32 because
|
||||||
#else
|
* we don't yet know if is64bit is zero
|
||||||
|
*/
|
||||||
if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN)
|
if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN)
|
||||||
#endif
|
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
kbuf = kzalloc(count + 1, GFP_NOFS);
|
kbuf = kzalloc(count + 1, GFP_NOFS);
|
||||||
|
|
Loading…
Reference in New Issue
Block a user