Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

ipc/shm.c: check for integer overflow during shmget.

SHMMAX is the upper limit for the size of a shared memory segment, counted
in bytes.  The actual allocation is that size, rounded up to the next full
page.

Add a check that prevents the creation of segments where the rounded up
size causes an integer overflow.

Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Acked-by: Davidlohr Bueso <davidlohr@hp.com>
Acked-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Acked-by: Michael Kerrisk <mtk.manpages@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Manfred Spraul 11 years ago
parent
09c6eb1f65
commit
1376327ce1
1 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      ipc/shm.c

+ 3 - 0
ipc/shm.c
View File 

@@ -493,6 +493,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
 
 	if (size < SHMMIN || size > ns->shm_ctlmax)
 
 		return -EINVAL;
 
 
+	if (numpages << PAGE_SHIFT < size)
 
+		return -ENOSPC;
 
+
 
 	if (ns->shm_tot + numpages < ns->shm_tot ||
 
 			ns->shm_tot + numpages > ns->shm_ctlall)
 
 		return -ENOSPC;