From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752904AbcI1JZc (ORCPT ); Wed, 28 Sep 2016 05:25:32 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:57624 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753107AbcI1JKH (ORCPT ); Wed, 28 Sep 2016 05:10:07 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Phil Turnbull , Christoph Hellwig Subject: [PATCH 4.7 22/69] configfs: Return -EFBIG from configfs_write_bin_file. Date: Wed, 28 Sep 2016 11:05:04 +0200 Message-Id: <20160928090446.039994816@linuxfoundation.org> X-Mailer: git-send-email 2.10.0 In-Reply-To: <20160928090445.054716307@linuxfoundation.org> References: <20160928090445.054716307@linuxfoundation.org> User-Agent: quilt/0.64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.7-stable review patch. If anyone has any objections, please let me know. ------------------ From: Phil Turnbull commit 42857cf512cb34c2c8cb50f1e766689d979d64e0 upstream. The check for writing more than cb_max_size bytes does not 'goto out' so it is a no-op which allows users to vmalloc an arbitrary amount. Fixes: 03607ace807b ("configfs: implement binary attributes") Signed-off-by: Phil Turnbull Signed-off-by: Christoph Hellwig Signed-off-by: Greg Kroah-Hartman --- fs/configfs/file.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/configfs/file.c +++ b/fs/configfs/file.c @@ -333,6 +333,7 @@ configfs_write_bin_file(struct file *fil if (bin_attr->cb_max_size && *ppos + count > bin_attr->cb_max_size) { len = -EFBIG; + goto out; } tbuf = vmalloc(*ppos + count);