mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-28 06:34:12 +08:00
sctp: use GFP_USER for user-controlled kmalloc
Dmitry Vyukov reported that the user could trigger a kernel warning by using a large len value for getsockopt SCTP_GET_LOCAL_ADDRS, as that value directly affects the value used as a kmalloc() parameter. This patch thus switches the allocation flags from all user-controllable kmalloc size to GFP_USER to put some more restrictions on it and also disables the warn, as they are not necessary. Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
38ee8fb67c
commit
cacc062152
@ -972,7 +972,7 @@ static int sctp_setsockopt_bindx(struct sock *sk,
|
|||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
/* Alloc space for the address array in kernel memory. */
|
/* Alloc space for the address array in kernel memory. */
|
||||||
kaddrs = kmalloc(addrs_size, GFP_KERNEL);
|
kaddrs = kmalloc(addrs_size, GFP_USER | __GFP_NOWARN);
|
||||||
if (unlikely(!kaddrs))
|
if (unlikely(!kaddrs))
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
@ -4928,7 +4928,7 @@ static int sctp_getsockopt_local_addrs(struct sock *sk, int len,
|
|||||||
to = optval + offsetof(struct sctp_getaddrs, addrs);
|
to = optval + offsetof(struct sctp_getaddrs, addrs);
|
||||||
space_left = len - offsetof(struct sctp_getaddrs, addrs);
|
space_left = len - offsetof(struct sctp_getaddrs, addrs);
|
||||||
|
|
||||||
addrs = kmalloc(space_left, GFP_KERNEL);
|
addrs = kmalloc(space_left, GFP_USER | __GFP_NOWARN);
|
||||||
if (!addrs)
|
if (!addrs)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user