korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-21 20:22:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

drivers/message/i2o/i2o_config.c: bound allocation

Browse Source 
Fix a case where users can try to allocate arbitarily large amounts of
memory. 64K is overkill for a config request so apply an upper bound.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Alan Cox 2012-07-30 14:41:30 -07:00 committed by Linus Torvalds
parent 40251b8eb4
commit 261eba7335
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
drivers/message/i2o/i2o_config.c
View File

@ -188,6 +188,13 @@ static int i2o_cfg_parms(unsigned long arg, unsigned int type)
if (!dev)
return -ENXIO;
/*
* Stop users being able to try and allocate arbitary amounts
* of DMA space. 64K is way more than sufficient for this.
*/
if (kcmd.oplen > 65536)
return -EMSGSIZE;
ops = memdup_user(kcmd.opbuf, kcmd.oplen);
if (IS_ERR(ops))
return PTR_ERR(ops);