| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180701212051.29486-1-richard@nod.at>
Date: Sun, 1 Jul 2018 23:20:50 +0200
From: Richard Weinberger <richard@....at>
To: linux-mtd@...ts.infradead.org
Cc: linux-kernel@...r.kernel.org, Richard Weinberger <richard@....at>,
Kees Cook <keescook@...omium.org>,
Silvio Cesare <silvio.cesare@...il.com>, stable@...r.kernel.org
Subject: [PATCH 1/2] Revert "UBIFS: Fix potential integer overflow in allocation"
This reverts commit 353748a359f1821ee934afc579cf04572406b420.
It bypassed the linux-mtd review process and fixes the issue not as it
should.
Cc: Kees Cook <keescook@...omium.org>
Cc: Silvio Cesare <silvio.cesare@...il.com>
Cc: stable@...r.kernel.org
Signed-off-by: Richard Weinberger <richard@....at>
---
fs/ubifs/journal.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/ubifs/journal.c b/fs/ubifs/journal.c
index 07b4956e0425..da8afdfccaa6 100644
--- a/fs/ubifs/journal.c
+++ b/fs/ubifs/journal.c
@@ -1282,11 +1282,10 @@ static int truncate_data_node(const struct ubifs_info *c, const struct inode *in
int *new_len)
{
void *buf;
- int err, compr_type;
- u32 dlen, out_len, old_dlen;
+ int err, dlen, compr_type, out_len, old_dlen;
out_len = le32_to_cpu(dn->size);
- buf = kmalloc_array(out_len, WORST_COMPR_FACTOR, GFP_NOFS);
+ buf = kmalloc(out_len * WORST_COMPR_FACTOR, GFP_NOFS);
if (!buf)
return -ENOMEM;
--
2.18.0
Powered by blists - more mailing lists