]> git.karo-electronics.de Git - karo-tx-linux.git/blobdiff - fs/splice.c
projects / karo-tx-linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
splice: fix user pointer access in get_iovec_page_array() (CVE-2008-0600)
[karo-tx-linux.git] / fs / splice.c
diff --git a/fs/splice.c b/fs/splice.c
index e263d3b361456cf669a0782e84e8b3c61772f936..dbbe267211b19751423f8a212d8ff51165f2ecc5 100644 (file)
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1182,6 +1182,9 @@ static int get_iovec_page_array(const struct iovec __user *iov,
                if (unlikely(!base))
                        break;
 
+               if (!access_ok(VERIFY_READ, base, len))
+                       break;
+
                /*
                 * Get this base offset and number of pages, then map
                 * in the user pages.
Linux kernel for KaRo TX COM modules