Commit f09ff307 authored by Leo Stone's avatar Leo Stone Committed by Paul Moore
Browse files

safesetid: check size of policy writes 



syzbot attempts to write a buffer with a large size to a sysfs entry
with writes handled by handle_policy_update(), triggering a warning
in kmalloc.

Check the size specified for write buffers before allocating.

Reported-by: default avatar <syzbot+4eb7a741b3216020043a@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a


Signed-off-by: default avatarLeo Stone <leocstone@gmail.com>
[PM: subject tweak]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 3b44cd09

security/safesetid/securityfs.c

+3 −0
Original line number Diff line number Diff line
@@ -143,6 +143,9 @@ static ssize_t handle_policy_update(struct file *file, 
	char *buf, *p, *end;

	int err;



	if (len >= KMALLOC_MAX_SIZE)

		return -EINVAL;



	pol = kmalloc(sizeof(struct setid_ruleset), GFP_KERNEL);

	if (!pol)

		return -ENOMEM;