[PATCH] lsm: check size of writes
Leo Stone
leocstone at gmail.com
Mon Dec 16 03:02:11 UTC 2024
syzbot attempts to write a buffer with a large size to a sysfs entry
with writes handled by safesetid_gid_file_write(), triggering a warning
in kmalloc.
Check the size specified for write buffers before allocating.
Reported-by: syzbot+4eb7a741b3216020043a at syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a
Signed-off-by: Leo Stone <leocstone at gmail.com>
---
security/safesetid/securityfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
index 25310468bcdd..5eba4c7f8d9e 100644
--- a/security/safesetid/securityfs.c
+++ b/security/safesetid/securityfs.c
@@ -254,7 +254,7 @@ static ssize_t safesetid_gid_file_write(struct file *file,
if (!file_ns_capable(file, &init_user_ns, CAP_MAC_ADMIN))
return -EPERM;
- if (*ppos != 0)
+ if (*ppos != 0 || len >= KMALLOC_MAX_SIZE)
return -EINVAL;
return handle_policy_update(file, buf, len, GID);
--
2.43.0
More information about the Linux-security-module-archive
mailing list