lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[PATCH] bridge: fix possible overflow in get_fdb_entries

Browse Source 
Make sure to properly clamp maxnum to avoid overflow

Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Acked-by: Eugene Teo <eteo@redhat.com>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Chris Wright
2006-11-20 15:02:49 -08:00
committed by Linus Torvalds
parent 24d7bb3396
commit ba8379b220
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
net/bridge/br_ioctl.c
View File

@@ -58,12 +58,13 @@ static int get_fdb_entries(struct net_bridge *br, void __user *userbuf,
{ {
int num; int num;
void *buf; void *buf;
size_t size = maxnum * sizeof(struct __fdb_entry); size_t size;
if (size > PAGE_SIZE) { /* Clamp size to PAGE_SIZE, test maxnum to avoid overflow */
size = PAGE_SIZE; if (maxnum > PAGE_SIZE/sizeof(struct __fdb_entry))
maxnum = PAGE_SIZE/sizeof(struct __fdb_entry); maxnum = PAGE_SIZE/sizeof(struct __fdb_entry);
}
size = maxnum * sizeof(struct __fdb_entry);
buf = kmalloc(size, GFP_USER); buf = kmalloc(size, GFP_USER);
if (!buf) if (!buf)