UBIFS: Fix potential integer overflow in allocation - linux-dev - Linux kernel development work

diff options

author	Silvio Cesare <silvio.cesare@gmail.com>	2018-05-04 13:44:02 +1000
committer	Kees Cook <keescook@chromium.org>	2018-06-12 16:19:22 -0700
commit	353748a359f1821ee934afc579cf04572406b420 (patch)
tree	c386b02a98fa6658d42dce10ce588f99536ea339 /security/selinux/ss
parent	leds: Use struct_size() in allocation (diff)
download	linux-dev-353748a359f1821ee934afc579cf04572406b420.tar.xz linux-dev-353748a359f1821ee934afc579cf04572406b420.zip

UBIFS: Fix potential integer overflow in allocation

There is potential for the size and len fields in ubifs_data_node to be too large causing either a negative value for the length fields or an integer overflow leading to an incorrect memory allocation. Likewise, when the len field is small, an integer underflow may occur. Signed-off-by: Silvio Cesare <silvio.cesare@gmail.com> Fixes: 1e51764a3c2ac ("UBIFS: add new flash file system") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org>

Diffstat (limited to 'security/selinux/ss')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: