Commit 1ecd3c7e, authored by Xi Wang, committed by Linus Torvalds

nilfs2: avoid overflowing segment numbers in nilfs_ioctl_clean_segments()

nsegs is read from userspace.  Limit its value and avoid overflowing nsegs
* sizeof(__u64) in the subsequent call to memdup_user().

This patch complements 481fe17e ("nilfs2: potential integer overflow
in nilfs_ioctl_clean_segments()").

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Cc: Haogang Chen <haogangchen@gmail.com>
Acked-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Parent 98e96852
......@@ -603,6 +603,8 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp,
nsegs = argv[4].v_nmembs;
if (argv[4].v_size != argsz[4])
goto out;
if (nsegs > UINT_MAX / sizeof(__u64))
goto out;
/*
* argv[4] points to segment numbers this ioctl cleans. We
......
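
Review bot: The new bound in `if (nsegs > UINT_MAX / sizeof(__u64))` is purely arithmetic and has no comment explaining it. It stops `nsegs * sizeof(__u64)` from wrapping, but it still accepts a userspace-supplied count that asks memdup_user() for close to 4 GiB. Consider adding a one-line comment stating that the check exists to prevent the multiplication overflow, and consider a tighter limit tied to how many segments the filesystem can actually have. Also, the added `goto out` sets no error code of its own and reuses the path of the `v_size` check above it, so confirm that the return value at this point is the intended error for an out-of-range `nsegs`.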