On Sat, 2014-04-05 at 11:06 -0400, Sasha Levin wrote: > Ping? Anyone wants to take this? Is this causing a problem for users? If it is I'll send it to Andrew straight away. I do have this on my queue but don't have any other patches to send so it's just sitting there. If it worries you I'll send it to Andrew now. > > On 03/15/2014 09:40 PM, Sasha Levin wrote: > > There wasn't any check of the size passed from userspace before > > trying to allocate the memory required. > > > > This meant that userspace might request more space than allowed, > > triggering an OOM. > > > > Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx> > > --- > > fs/autofs4/dev-ioctl.c | 3 +++ > > 1 files changed, 3 insertions(+), 0 deletions(-) > > > > diff --git a/fs/autofs4/dev-ioctl.c b/fs/autofs4/dev-ioctl.c > > index 3182c0e..86fa7af 100644 > > --- a/fs/autofs4/dev-ioctl.c > > +++ b/fs/autofs4/dev-ioctl.c > > @@ -103,6 +103,9 @@ static struct autofs_dev_ioctl *copy_dev_ioctl(struct autofs_dev_ioctl __user *i > > if (tmp.size < sizeof(tmp)) > > return ERR_PTR(-EINVAL); > > > > + if (tmp.size > (PATH_MAX + sizeof(tmp))) > > + return ERR_PTR(-E2BIG); > > + > > return memdup_user(in, tmp.size); > > } > > > > > -- To unsubscribe from this list: send the line "unsubscribe autofs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
