diff options
author | Eric Sandeen <sandeen@redhat.com> | 2021-07-13 18:49:23 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-07-20 17:17:55 +0300 |
commit | 3c07d1335d17ae0411101024de438dbc3734e992 (patch) | |
tree | b87f3ec0e9435f194a37a11f3b35bd3db62ed7d5 | |
parent | 2ab1c6d3294b08fd51e8bb4b942552167757cdf9 (diff) | |
download | linux-3c07d1335d17ae0411101024de438dbc3734e992.tar.xz |
seq_file: disallow extremely large seq buffer allocations
commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
There is no reasonable need for a buffer larger than this, and it avoids
int overflow pitfalls.
Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation")
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Reported-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | fs/seq_file.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/seq_file.c b/fs/seq_file.c index eea09f6d8830..6cb1144421bb 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -26,6 +26,9 @@ static void seq_set_overflow(struct seq_file *m) static void *seq_buf_alloc(unsigned long size) { + if (unlikely(size > MAX_RW_COUNT)) + return NULL; + return kvmalloc(size, GFP_KERNEL); } |