From patchwork Sun Jun 25 14:55:37 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tobias Stoeckmann X-Patchwork-Id: 9808177 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id EC2CE603F3 for ; Sun, 25 Jun 2017 14:54:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D0E592837E for ; Sun, 25 Jun 2017 14:54:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C39EE28665; Sun, 25 Jun 2017 14:54:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 35A332837E for ; Sun, 25 Jun 2017 14:54:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750831AbdFYOyR (ORCPT ); Sun, 25 Jun 2017 10:54:17 -0400 Received: from mout.kundenserver.de ([212.227.126.133]:50721 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750763AbdFYOyQ (ORCPT ); Sun, 25 Jun 2017 10:54:16 -0400 Received: from localhost ([93.225.48.83]) by mrelayeu.kundenserver.de (mreue001 [212.227.15.129]) with ESMTPSA (Nemesis) id 0LfKWX-1e8yGy1FV3-00p3WS for ; Sun, 25 Jun 2017 16:54:13 +0200 Date: Sun, 25 Jun 2017 16:55:37 +0200 From: Tobias Stoeckmann To: linux-modules@vger.kernel.org Subject: [PATCH] libkmod: Verify memory sizes on 32 bit systems. Message-ID: <20170625145537.GA31667@localhost> MIME-Version: 1.0 Content-Disposition: inline X-Provags-ID: V03:K0:sEDBdbaw/fJo9/3ow9BQwWaE0DVEX5I2yByBmdBJbKghPlnsYmH gM6vHGQU2xIKEUcjE/TkxGYW7WVEHaK/NumsHF64/XjjHof0cuVxNU6LYv1zFHmwbsVKm4/ 5ROUGEBGNmKLX7roEesJ7QvUOxP2cR9d9dBTUU75jB/YXM6kHbTIxX4rfhS81sAEQs1EW+T 7w3f6hJv4evG9Gb4zRLwQ== X-UI-Out-Filterresults: notjunk:1; V01:K0:o3iWOsQwaeY=:CWMirzVXhDXFIdnX1TUGAc Llh0/fq54/bXaKEOakjaP0EF9UC3Tov/EhZx6GMYhI0PRjpaasShwc2QQPQ+ZnPPMdvVdMwE4 1rpYXYlfJEvaa7twGcJI+FVmkQ4EPkLECVNf3V32nBzxSbfbLWCMnTVWrEJZfgfeI581TlAs3 Zlo9rAkbX3d7WJIHVhmtmVBuchWFD1RfI9QFdWlFyQxZYBvLpQeGBWMPyE3qR/XSmvVid52jU LS3nRP5tMerkaIheyp8tYWXnEZFgQi0xJLVCjENMQxY2tEk4kVtwD+LxFvC86XL7MWKi/5HCg HWFg82cB/HhDJHlOu/XvIDBz7FJbhmqTdPG/ijVavmabw3tQoafqfD+mlzu0brmTkNKXaNHB1 6jlZR4jiRO342j6Sk4/2u1MAPh/mNVNqDNYycIz0NmgLmJm2IZcDAzr5zIU4AgSzkrC0Iz19B 1XALQzRnWjiVOz+5WDvJZ3NuMK84yJ5YKru1GzsFsj9yeHW/ImE4pvm9j4cx6P/S2T/g00UK1 4W4C7T80+nQaLSG0umMFWHLMLSz++8Mwl9CthQnrH6QScPaRH5gn9jEc0Q74u27TzMH40hSNh s+Sz6FG+3fs8uO6kFV7XMuCB/nNBGtRgm20W9he0ovwEGyAOKf7cDjJ1FeFf11z809ny5+5CU Uffm1tvcN8ScnGfgVb8bFqQGq+ep5/uGDXS+tw5xX7pk+PNXXoinJ3PHGTA5dcK72Gec= Sender: owner-linux-modules@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Large file system support is activated by default, which means that on 32 bit systems, off_t is 64 bit in size. Using st.st_size or any other 64 bit variable with mmap can lead to integer truncation and therefore insufficient memory mapping. Signed-off-by: Tobias Stoeckmann --- libkmod/libkmod-file.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libkmod/libkmod-file.c b/libkmod/libkmod-file.c index 5eeba6a..86f34c6 100644 --- a/libkmod/libkmod-file.c +++ b/libkmod/libkmod-file.c @@ -255,6 +255,8 @@ static int load_reg(struct kmod_file *file) return -errno; file->size = st.st_size; + if ((uintmax_t)st.st_size > (uintmax_t)SIZE_MAX) + return -EFBIG; file->memory = mmap(NULL, file->size, PROT_READ, MAP_PRIVATE, file->fd, 0); if (file->memory == MAP_FAILED)