Commit 261eba73 authored by Alan Cox's avatar Alan Cox Committed by Linus Torvalds

drivers/message/i2o/i2o_config.c: bound allocation

Fix a case where users can try to allocate arbitarily large amounts of
memory. 64K is overkill for a config request so apply an upper bound.
Signed-off-by: default avatarAlan Cox <alan@linux.intel.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 40251b8e
...@@ -188,6 +188,13 @@ static int i2o_cfg_parms(unsigned long arg, unsigned int type) ...@@ -188,6 +188,13 @@ static int i2o_cfg_parms(unsigned long arg, unsigned int type)
if (!dev) if (!dev)
return -ENXIO; return -ENXIO;
/*
* Stop users being able to try and allocate arbitary amounts
* of DMA space. 64K is way more than sufficient for this.
*/
if (kcmd.oplen > 65536)
return -EMSGSIZE;
ops = memdup_user(kcmd.opbuf, kcmd.oplen); ops = memdup_user(kcmd.opbuf, kcmd.oplen);
if (IS_ERR(ops)) if (IS_ERR(ops))
return PTR_ERR(ops); return PTR_ERR(ops);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment