| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Nov 2014 18:58:02 -0500 From: Sasha Levin <sasha.levin@...cle.com> To: mingo@...nel.org, akpm@...ux-foundation.org, torvalds@...ux-foundation.org Cc: linux-kernel@...r.kernel.org, Sasha Levin <sasha.levin@...cle.com> Subject: [RFC v2 2/2] fs: correctly check for signed integer overflow in vfs_fallocate Both "offset" and "len" are signed integers who's addition may overflow and trigger undefined behaviour. Signed-off-by: Sasha Levin <sasha.levin@...cle.com> --- fs/open.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/open.c b/fs/open.c index 813be03..33d5cae 100644 --- a/fs/open.c +++ b/fs/open.c @@ -287,7 +287,8 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) return -ENODEV; /* Check for wrap through zero too */ - if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) + if (check_add_overflow(offset, len) || + (offset + len) > inode->i_sb->s_maxbytes) return -EFBIG; if (!file->f_op->fallocate) -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists