projects / openwrt / staging / blogic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9903a91) | patch
pipe: reject F_SETPIPE_SZ with size over UINT_MAX
authorEric Biggers <[email protected]>
Tue, 6 Feb 2018 23:42:00 +0000 (15:42 -0800)
committerLinus Torvalds <[email protected]>
Wed, 7 Feb 2018 02:32:47 +0000 (18:32 -0800)
commit96e99be40e4cff870a83233731121ec0f7f95075
treedf5a16068f9dbec9b28f721cc4bd48f17f7630a4tree | snapshot
parent9903a91c763ecdae333a04a9d89d79d2b8966503commit | diff
pipe: reject F_SETPIPE_SZ with size over UINT_MAX

A pipe's size is represented as an 'unsigned int'.  As expected, writing a
value greater than UINT_MAX to /proc/sys/fs/pipe-max-size fails with
EINVAL.  However, the F_SETPIPE_SZ fcntl silently truncates such values to
32 bits, rather than failing with EINVAL as expected.  (It *does* fail
with EINVAL for values above (1 << 31) but <= UINT_MAX.)

Fix this by moving the check against UINT_MAX into round_pipe_size() which
is called in both cases.

Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Eric Biggers <[email protected]>
Acked-by: Kees Cook <[email protected]>
Acked-by: Joe Lawrence <[email protected]>
Cc: Alexander Viro <[email protected]>
Cc: "Luis R . Rodriguez" <[email protected]>
Cc: Michael Kerrisk <[email protected]>
Cc: Mikulas Patocka <[email protected]>
Cc: Willy Tarreau <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
fs/pipe.c diff | blob | history
include/linux/pipe_fs_i.h diff | blob | history
kernel/sysctl.c diff | blob | history
John Crispins staging tree