On Mon, May 11, 2020 at 9:02 PM Fabian Frederick <fabf@xxxxxxxxx> wrote: > > check count in fanotify_write() and return -EINVAL when 0 > > Signed-off-by: Fabian Frederick <fabf@xxxxxxxxx> > --- > fs/notify/fanotify/fanotify_user.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c > index 02a314acc757..6e19dacb2475 100644 > --- a/fs/notify/fanotify/fanotify_user.c > +++ b/fs/notify/fanotify/fanotify_user.c > @@ -485,6 +485,9 @@ static ssize_t fanotify_write(struct file *file, const char __user *buf, size_t > if (!IS_ENABLED(CONFIG_FANOTIFY_ACCESS_PERMISSIONS)) > return -EINVAL; > > + if (!count) > + return -EINVAL; > + Maybe even (count < sizeof(response)) ? > group = file->private_data; > > if (count > sizeof(response)) > -- > 2.26.2 >
