Commit 0ee6c2a3 authored by Todd Kjos's avatar Todd Kjos Committed by Yongqiang Liu
Browse files

binder: check for overflow when alloc for security context 

mainline inclusion
from mainline-v5.2-rc1
commit 0b050950
category: bugfix
bugzilla: 188431, https://gitee.com/src-openeuler/kernel/issues/I6DKVG
CVE: CVE-2023-20938

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b0509508beff65c1d50541861bc0d4973487dc5



--------------------------------

When allocating space in the target buffer for the security context,
make sure the extra_buffers_size doesn't overflow. This can only
happen if the given size is invalid, but an overflow can turn it
into a valid size. Fail the transaction if an overflow is detected.

Signed-off-by: default avatarTodd Kjos <tkjos@google.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarLi Huafei <lihuafei1@huawei.com>
Reviewed-by: default avatarZheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: default avatarWang Weiyang <wangweiyang2@huawei.com>
Signed-off-by: default avatarYongqiang Liu <liuyongqiang13@huawei.com>
parent e8311e88
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment