[module] check vmf->pgoff before using it
As reported by @Crispy-fried-chicken in issue #1133, there is a potential
XXE vulnerability here. This fixes this problem by verifying the value
of `vmf->pgoff` does not exceed the bounds of the memory mapping.

Fixes: #1133
gnif committed Aug 26, 2024
1 parent d060e37 commit 3ea37b8
Showing 2 changed files with 6 additions and 2 deletions.
2 changes: 1 addition & 1 deletion module/dkms.conf
@@ -1,5 +1,5 @@
PACKAGE_NAME="kvmfr"
PACKAGE_VERSION="0.0.10"
PACKAGE_VERSION="0.0.11"
BUILT_MODULE_NAME[0]="${PACKAGE_NAME}"
MAKE[0]="make KDIR=${kernel_source_dir}"
CLEAN="make KDIR=${kernel_source_dir} clean"
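
Review bot: The PACKAGE_VERSION bump from "0.0.10" to "0.0.11" is not mentioned in the commit message. Because this commit also carries a memory-safety fix in module/kvmfr.c, state in the message that 0.0.11 is the first module version with the bounds check, so users and packagers can tell which DKMS builds are fixed.
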
6 changes: 5 additions & 1 deletion module/kvmfr.c
Expand Up @@ -88,8 +88,12 @@ static vm_fault_t kvmfr_vm_fault(struct vm_fault *vmf)
{
struct vm_area_struct *vma = vmf->vma;
struct kvmfrbuf *kbuf = (struct kvmfrbuf *)vma->vm_private_data;
pgoff_t pgoff = vmf->pgoff;

vmf->page = kbuf->pages[vmf->pgoff];
if (pgoff >= kbuf->pagecount)
return VM_FAULT_SIGBUS;

vmf->page = kbuf->pages[pgoff];
get_page(vmf->page);
return 0;
}
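
Review bot: The commit message calls this XXE, but the guard added ahead of `vmf->page = kbuf->pages[pgoff];` in kvmfr_vm_fault() prevents an out-of-bounds index into `kbuf->pages`; reword the message so the fix can be found by what it actually does. The comparison `pgoff >= kbuf->pagecount` is the right form (not `>`) provided `pagecount` is the number of entries in `pages`, and a one-line comment saying so would help future readers. Since out-of-range faults now return VM_FAULT_SIGBUS, consider also rejecting mappings larger than the buffer in the mmap path (not visible in this hunk), so a caller fails at mmap time rather than on first touch.
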