Linux-Modules Archive on lore.kernel.org
* [PATCH] libkmod: Verify memory sizes on 32 bit systems.
@ 2017-06-25 14:55 Tobias Stoeckmann
  0 siblings, 0 replies; 1+ messages in thread
From: Tobias Stoeckmann @ 2017-06-25 14:55 UTC (permalink / raw)
  To: linux-modules

Large file system support is activated by default, which means that
on 32 bit systems, off_t is 64 bit in size.

Using st.st_size or any other 64 bit variable with mmap can lead to
integer truncation and therefore insufficient memory mapping.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 libkmod/libkmod-file.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libkmod/libkmod-file.c b/libkmod/libkmod-file.c
index 5eeba6a..86f34c6 100644
--- a/libkmod/libkmod-file.c
+++ b/libkmod/libkmod-file.c
@@ -255,6 +255,8 @@ static int load_reg(struct kmod_file *file)
 		return -errno;
 
 	file->size = st.st_size;
+	if ((uintmax_t)st.st_size > (uintmax_t)SIZE_MAX)
+		return -EFBIG;
 	file->memory = mmap(NULL, file->size, PROT_READ, MAP_PRIVATE,
 			    file->fd, 0);
 	if (file->memory == MAP_FAILED)
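Review bot: In load_reg(), the new SIZE_MAX check runs after `file->size = st.st_size;`, so on the -EFBIG return the kmod_file has already been given a size that no mapping backs. Move the two added lines above the assignment so the struct is only updated once the value is known to fit in size_t. The cast to uintmax_t also rejects a negative st_size, which is worth a one-line comment since it is not obvious from the comparison. The diff adds no include, so confirm that libkmod-file.c already pulls in <stdint.h> for SIZE_MAX and uintmax_t. The commit message mentions "any other 64 bit variable" passed to mmap, but this hunk covers only the regular-file path; if other loaders in this file compute a mapping length from an off_t, they need the same check.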
-- 
2.13.2

