From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:46876 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932974AbcKQKeA (ORCPT ); Thu, 17 Nov 2016 05:34:00 -0500 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Takashi Iwai Subject: [PATCH 4.8 02/92] ALSA: info: Limit the proc text input size Date: Thu, 17 Nov 2016 11:31:35 +0100 Message-Id: <20161117103224.314799146@linuxfoundation.org> In-Reply-To: <20161117103224.218007793@linuxfoundation.org> References: <20161117103224.218007793@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: stable-owner@vger.kernel.org List-ID: 4.8-stable review patch. If anyone has any objections, please let me know. ------------------ From: Takashi Iwai commit 027a9fe6835620422b6713892175716f3613dd9d upstream. The ALSA proc handler allows currently the write in the unlimited size until kmalloc() fails. But basically the write is supposed to be only for small inputs, mostly for one line inputs, and we don't have to handle too large sizes at all. Since the kmalloc error results in the kernel warning, it's better to limit the size beforehand. This patch adds the limit of 16kB, which must be large enough for the currently existing code. Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- sound/core/info.c | 3 +++ 1 file changed, 3 insertions(+) --- a/sound/core/info.c +++ b/sound/core/info.c @@ -331,6 +331,9 @@ static ssize_t snd_info_text_entry_write if (!valid_pos(pos, count)) return -EIO; next = pos + count; + /* don't handle too large text inputs */ + if (next > 16 * 1024) + return -EIO; mutex_lock(&entry->access); buf = data->wbuffer; if (!buf) {