Skip to content

Commit

Permalink
safesetid: check size of policy writes
Browse files Browse the repository at this point in the history 
syzbot attempts to write a buffer with a large size to a sysfs entry
with writes handled by handle_policy_update(), triggering a warning
in kmalloc.

Check the size specified for write buffers before allocating.

Reported-by: [email protected]
Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a
Signed-off-by: Leo Stone <[email protected]>
[PM: subject tweak]
Signed-off-by: Paul Moore <[email protected]>
  • Loading branch information
@leocstone @pcmoore
leocstone authored and pcmoore committed Jan 5, 2025
1 parent 3b44cd0 commit f09ff30
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions security/safesetid/securityfs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,9 @@ static ssize_t handle_policy_update(struct file *file,
char *buf, *p, *end;
int err;

if (len >= KMALLOC_MAX_SIZE)
return -EINVAL;

pol = kmalloc(sizeof(struct setid_ruleset), GFP_KERNEL);
if (!pol)
return -ENOMEM;
Expand Down

0 comments on commit f09ff30

Please sign in to comment.