fanotify: don't write with size under sizeof(response)
fanotify_write() only aligned the copy_from_user size to sizeof(response) for higher values. This patch rejects all values below it, as suggested by Amir Goldstein, and sets the size to the response size unconditionally. Link: https://lore.kernel.org/r/20200512181921.405973-1-fabf@skynet.be Signed-off-by: Fabian Frederick <fabf@skynet.be> Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
parent
5a449099b9
commit
5e23663b49
@ -487,8 +487,10 @@ static ssize_t fanotify_write(struct file *file, const char __user *buf, size_t
|
||||
|
||||
group = file->private_data;
|
||||
|
||||
if (count > sizeof(response))
|
||||
count = sizeof(response);
|
||||
if (count < sizeof(response))
|
||||
return -EINVAL;
|
||||
|
||||
count = sizeof(response);
|
||||
|
||||
pr_debug("%s: group=%p count=%zu\n", __func__, group, count);
|
||||
|
||||
|
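Review bot: The new size check in fanotify_write() has no comment explaining why a short write is refused, and the reason is security-relevant: a `count` below `sizeof(response)` would let the later copy fill only part of `response`, so the remaining fields would not come from the caller (whether they are pre-initialised is not visible in this hunk). I would add above the check something like `/* A permission response must be complete: reject short writes, and consume exactly one struct from longer ones. */`. That comment also records that oversized writes are still accepted and silently truncated, which callers will only notice if the return value (outside this hunk, presumably `count`) is checked. As a minor style point, `pr_debug` now always prints the same `count`, so if the user-supplied length is useful for debugging it should be logged before the `count = sizeof(response);` assignment. The function body starts and ends outside the hunk.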