Skip to content

Commit

Permalink
UBUNTU: SAUCE: seq_file: Disallow extremely large seq buffer allocations
Browse files Browse the repository at this point in the history 
There is no reasonable need for a buffer larger than this,
and it avoids int overflow pitfalls.

Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Eric Sandeen <sandeen@redhat.com>

CVE-2021-33909
Fixes: 058504e ("fs/seq_file: fallback to vmalloc allocation")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Benjamin M Romer <benjamin.romer@canonical.com>
  • Loading branch information
Eric Sandeen authored and Thadeu Lima de Souza Cascardo committed Jul 16, 2021
1 parent 58d2e61 commit fc514b2
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions fs/seq_file.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m)

static void *seq_buf_alloc(unsigned long size)
{
if (unlikely(size > MAX_RW_COUNT))
return NULL;

return kvmalloc(size, GFP_KERNEL_ACCOUNT);
}

Expand Down

0 comments on commit fc514b2

Please sign in to comment.