From: Eric Sandeen sandeen@redhat.com
stable inclusion from stable-5.10.52 commit 174c34d9cda1b5818419b8f5a332ced10755e52f bugzilla: 331 CVE: CVE-2021-33909
---------------------------------------------------------------
commit 8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b upstream.
There is no reasonable need for a buffer larger than this, and it avoids int overflow pitfalls.
Fixes: 058504edd026 ("fs/seq_file: fallback to vmalloc allocation") Suggested-by: Al Viro viro@zeniv.linux.org.uk Reported-by: Qualys Security Advisory qsa@qualys.com Signed-off-by: Eric Sandeen sandeen@redhat.com Cc: stable@kernel.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/seq_file.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/fs/seq_file.c b/fs/seq_file.c index 03a369ccd28c..472714716be6 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -32,6 +32,9 @@ static void seq_set_overflow(struct seq_file *m)
static void *seq_buf_alloc(unsigned long size) { + if (unlikely(size > MAX_RW_COUNT)) + return NULL; + return kvmalloc(size, GFP_KERNEL_ACCOUNT); }