From: David Teigland Date: Mon, 4 Feb 2013 21:31:22 +0000 (-0600) Subject: dlm: check the write size from user X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=d4b0bcf32b946590afd29e202d6a399b84fe6c67;p=openwrt%2Fstaging%2Fblogic.git dlm: check the write size from user Return EINVAL from write if the size is larger than allowed. Do this before allocating kernel memory for the bogus size, which could lead to OOM. Reported-by: Sasha Levin Tested-by: Jana Saout Signed-off-by: David Teigland --- diff --git a/fs/dlm/user.c b/fs/dlm/user.c index 7ff49852b0cb..911649a47dd5 100644 --- a/fs/dlm/user.c +++ b/fs/dlm/user.c @@ -503,11 +503,11 @@ static ssize_t device_write(struct file *file, const char __user *buf, #endif return -EINVAL; -#ifdef CONFIG_COMPAT - if (count > sizeof(struct dlm_write_request32) + DLM_RESNAME_MAXLEN) -#else + /* + * can't compare against COMPAT/dlm_write_request32 because + * we don't yet know if is64bit is zero + */ if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN) -#endif return -EINVAL; kbuf = kzalloc(count + 1, GFP_NOFS);