From fc514b2a6565e125f38c712c4fe60a9881d64c69 Mon Sep 17 00:00:00 2001 From: Eric Sandeen <sandeen@redhat.com> Date: Wed, 7 Jul 2021 13:32:08 +0200 Subject: [PATCH] UBUNTU: SAUCE: seq_file: Disallow extremely large seq buffer allocations There is no reasonable need for a buffer larger than this, and it avoids int overflow pitfalls. Suggested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Eric Sandeen <sandeen@redhat.com> CVE-2021-33909 Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation") Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Juerg Haefliger <juergh@canonical.com> Acked-by: Benjamin M Romer <benjamin.romer@canonical.com> --- fs/seq_file.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/seq_file.c b/fs/seq_file.c index 5059248f2d648..d6aacbac793ad 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m) static void *seq_buf_alloc(unsigned long size) { + if (unlikely(size > MAX_RW_COUNT)) + return NULL; + return kvmalloc(size, GFP_KERNEL_ACCOUNT); }