tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

safesetid: check size of policy writes

syzbot attempts to write a buffer with a large size to a sysfs entry
with writes handled by handle_policy_update(), triggering a warning
in kmalloc.

Check the size specified for write buffers before allocating.

Reported-by: syzbot+4eb7a741b3216020043a@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a
Signed-off-by: Leo Stone <leocstone@gmail.com>
[PM: subject tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Leo Stone and committed by
Paul Moore f09ff307 3b44cd09

+3
+3
security/safesetid/securityfs.c
··· 143 143 char *buf, *p, *end; 144 144 int err; 145 145 146 + if (len >= KMALLOC_MAX_SIZE) 147 + return -EINVAL; 148 + 146 149 pol = kmalloc(sizeof(struct setid_ruleset), GFP_KERNEL); 147 150 if (!pol) 148 151 return -ENOMEM;