]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 84bba4b)
configfs: Return -EFBIG from configfs_write_bin_file.
authorPhil Turnbull <phil.turnbull@oracle.com>
Thu, 15 Sep 2016 16:20:12 +0000 (12:20 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 30 Sep 2016 08:12:44 +0000 (10:12 +0200)
commit 42857cf512cb34c2c8cb50f1e766689d979d64e0 upstream.

The check for writing more than cb_max_size bytes does not 'goto out' so
it is a no-op which allows users to vmalloc an arbitrary amount.

Fixes: 03607ace807b ("configfs: implement binary attributes")
Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/configfs/file.c patch | blob | blame | history

diff --git a/fs/configfs/file.c b/fs/configfs/file.c
index bbc1252a59f5f1431ee779e16780f19a5f47a5d8..2ddfa05d71f52b66fd4f8f27fae0d96794f39461 100644 (file)
--- a/fs/configfs/file.c
+++ b/fs/configfs/file.c
@@ -333,6 +333,7 @@ configfs_write_bin_file(struct file *file, const char __user *buf,
                if (bin_attr->cb_max_size &&
                        *ppos + count > bin_attr->cb_max_size) {
                        len = -EFBIG;
+                       goto out;
                }
 
                tbuf = vmalloc(*ppos + count);
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git