| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241216030213.246804-2-leocstone@gmail.com> Date: Sun, 15 Dec 2024 19:02:11 -0800 From: Leo Stone <leocstone@...il.com> To: syzbot+4eb7a741b3216020043a@...kaller.appspotmail.com Cc: Leo Stone <leocstone@...il.com>, jmorris@...ei.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, mortonm@...omium.org, paul@...l-moore.com, serge@...lyn.com, syzkaller-bugs@...glegroups.com Subject: [PATCH] lsm: check size of writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by safesetid_gid_file_write(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. Reported-by: syzbot+4eb7a741b3216020043a@...kaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a Signed-off-by: Leo Stone <leocstone@...il.com> --- security/safesetid/securityfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c index 25310468bcdd..5eba4c7f8d9e 100644 --- a/security/safesetid/securityfs.c +++ b/security/safesetid/securityfs.c @@ -254,7 +254,7 @@ static ssize_t safesetid_gid_file_write(struct file *file, if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN)) return -EPERM; - if (*ppos != 0) + if (*ppos != 0 || len >= KMALLOC_MAX_SIZE) return -EINVAL; return handle_policy_update(file, buf, len, GID); -- 2.43.0
Powered by blists - more mailing lists