forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

fs: prevent out-of-bounds array speculation when closing a file descriptor

Browse source 
commit 609d544414 upstream.

Google-Bug-Id: 114199369
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Theodore Ts'o 2023-03-06 13:54:50 -05:00 committed by Greg Kroah-Hartman
commit a759905de9
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
fs/file.c
View file

@ -677,6 +677,7 @@ static struct file *pick_file(struct files_struct *files, unsigned fd)
fdt = files_fdtable(files);
if (fd >= fdt->max_fds)
goto out_unlock;
fd = array_index_nospec(fd, fdt->max_fds);
file = fdt->fd[fd];
if (!file)
goto out_unlock;