From 1a80beea0f2f78f24d49df9b8a6cd15f38259cc0 Mon Sep 17 00:00:00 2001
From: Keir Fraser <keir.fraser@citrix.com>
Date: Mon, 11 Feb 2008 11:05:27 +0000
Subject: [PATCH] CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
 Fix is Al Viro's suggested patch for RHEL5. Signed-off-by: Keir Fraser
 <keir.fraser@citrix.com>

---
 fs/splice.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/splice.c b/fs/splice.c
index 4eed2f6c..0153c97d 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1141,6 +1141,9 @@ static int get_iovec_page_array(const struct iovec __user *iov,
 		if (unlikely(!base))
 			break;
 
+		if (unlikely(!access_ok(VERIFY_READ, base, len)))
+			break;
+
 		/*
 		 * Get this base offset and number of pages, then map
 		 * in the user pages.
-- 
2.39.5