Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / f08b18266c7116e2ec6885dd53a928f580060a71
commitf08b18266c7116e2ec6885dd53a928f580060a71[log] [tgz]
authorAlexander Shishkin <alexander.shishkin@linux.intel.com>Tue Dec 22 17:25:21 2015 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sun Feb 07 22:43:17 2016 -0800
tree90487bb127914a64084190520a3517f1d5137150
parent7b3bb0e75395b2f3b0f95d9ae50581e989ba5e4c [diff]
stm class: Prevent user-controllable allocations

Currently, the character device write method allocates a temporary buffer
for user's data, but the user's data size is not sanitized and can cause
arbitrarily large allocations via kzalloc() or an integer overflow that
will then result in overwriting kernel memory.

This patch trims the input buffer size to avoid these issues.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 90487bb127914a64084190520a3517f1d5137150
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS