On Tue, 2015-05-05 at 02:16 +0100, Ben Hutchings wrote: > 3.2.69-rc1 review patch. If anyone has any objections, please let me know. Perhaps you should also consider including commit 0a280962 along with this one. > > ------------------ > > From: Sasha Levin <sasha.levin@xxxxxxxxxx> > > commit e53d77eb8bb616e903e34cc7a918401bee3b5149 upstream. > > There wasn't any check of the size passed from userspace before trying > to allocate the memory required. > > This meant that userspace might request more space than allowed, > triggering an OOM. > > Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx> > Signed-off-by: Ian Kent <raven@xxxxxxxxxx> > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> > --- > fs/autofs4/dev-ioctl.c | 3 +++ > 1 file changed, 3 insertions(+) > > --- a/fs/autofs4/dev-ioctl.c > +++ b/fs/autofs4/dev-ioctl.c > @@ -103,6 +103,9 @@ static struct autofs_dev_ioctl *copy_dev > if (tmp.size < sizeof(tmp)) > return ERR_PTR(-EINVAL); > > + if (tmp.size > (PATH_MAX + sizeof(tmp))) > + return ERR_PTR(-ENAMETOOLONG); > + > return memdup_user(in, tmp.size); > } > > -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html