Skip to content

vfs: fs_context: fix up param length parsing in legacy_parse_param

Carlos Maiolino requested to merge cmaiolino/centos-stream-9:bz2040587 into main

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2040587 CVE: CVE-2022-0185 Tested: sanity only

The "PAGE_SIZE - 2 - size" calculation in legacy_parse_param() is an unsigned type so a large value of "size" results in a high positive value instead of a negative value as expected. Fix this by getting rid of the subtraction.

Signed-off-by: Jamie Hill-Daniel jamie@hill-daniel.co.uk Signed-off-by: William Liu willsroot@protonmail.com Tested-by: Salvatore Bonaccorso carnil@debian.org Tested-by: Thadeu Lima de Souza Cascardo cascardo@canonical.com Acked-by: Dan Carpenter dan.carpenter@oracle.com Acked-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org (cherry picked from commit 722d94847de29310e8aa03fcbdb41fc92c521756)

Signed-off-by: Carlos Maiolino cmaiolino@redhat.com

Edited by Carlos Maiolino

Merge request reports