fanotify_write() only aligned copy_from_user size to sizeof(response)
for higher values. This patch avoids all values below as suggested
by Amir Goldstein and set to response size unconditionally.
Link: https://lore.kernel.org/r/20200512181921.405973-1-fabf@skynet.be
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
group = file->private_data;
- if (count > sizeof(response))
- count = sizeof(response);
+ if (count < sizeof(response))
+ return -EINVAL;
+
+ count = sizeof(response);
pr_debug("%s: group=%p count=%zu\n", __func__, group, count);