lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 Jan 2016 11:24:24 -0800 From: Cong Wang <xiyou.wangcong@...il.com> To: netdev@...r.kernel.org Cc: dvyukov@...gle.com, linux-wireless@...r.kernel.org, julian.calaby@...il.com, eric.dumazet@...il.com, Cong Wang <xiyou.wangcong@...il.com>, Lauro Ramos Venancio <lauro.venancio@...nbossa.org>, Aloisio Almeida Jr <aloisio.almeida@...nbossa.org>, Samuel Ortiz <sameo@...ux.intel.com> Subject: [PATCH v2 net] nfc: use GFP_USER for user-controlled kmalloc These two functions are called in sendmsg path, and the 'len' is passed from user-space, so we should not allow malicious users to OOM kernel on purpose. Reported-by: Dmitry Vyukov <dvyukov@...gle.com> Cc: Lauro Ramos Venancio <lauro.venancio@...nbossa.org> Cc: Aloisio Almeida Jr <aloisio.almeida@...nbossa.org> Cc: Samuel Ortiz <sameo@...ux.intel.com> Signed-off-by: Cong Wang <xiyou.wangcong@...il.com> --- net/nfc/llcp_commands.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c index 3621a90..3425532 100644 --- a/net/nfc/llcp_commands.c +++ b/net/nfc/llcp_commands.c @@ -663,7 +663,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock, return -ENOBUFS; } - msg_data = kzalloc(len, GFP_KERNEL); + msg_data = kmalloc(len, GFP_USER | __GFP_NOWARN); if (msg_data == NULL) return -ENOMEM; @@ -729,7 +729,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, if (local == NULL) return -ENODEV; - msg_data = kzalloc(len, GFP_KERNEL); + msg_data = kmalloc(len, GFP_USER | __GFP_NOWARN); if (msg_data == NULL) return -ENOMEM; -- 1.8.3.1
Powered by blists - more mailing lists