projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 68596bd)
pnfs/blocklayout: reject too long signatures
authorChristoph Hellwig <hch@lst.de>
Mon, 17 Aug 2015 16:40:59 +0000 (18:40 +0200)
committerTrond Myklebust <trond.myklebust@primarydata.com>
Mon, 17 Aug 2015 18:22:49 +0000 (13:22 -0500)
Instead of overwriting kernel memory reject too long signatures.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
fs/nfs/blocklayout/dev.c patch | blob | history

diff --git a/fs/nfs/blocklayout/dev.c b/fs/nfs/blocklayout/dev.c
index e535599a07191619c28eba93342388a59267114e..d76993a424322d122102a9fb2eff4bf88a68aad6 100644 (file)
--- a/fs/nfs/blocklayout/dev.c
+++ b/fs/nfs/blocklayout/dev.c
@@ -65,6 +65,11 @@ nfs4_block_decode_volume(struct xdr_stream *xdr, struct pnfs_block_volume *b)
                                return -EIO;
                        p = xdr_decode_hyper(p, &b->simple.sigs[i].offset);
                        b->simple.sigs[i].sig_len = be32_to_cpup(p++);
+                       if (b->simple.sigs[i].sig_len > PNFS_BLOCK_UUID_LEN) {
+                               pr_info("signature too long: %d\n",
+                                       b->simple.sigs[i].sig_len);
+                               return -EIO;
+                       }
 
                        p = xdr_inline_decode(xdr, b->simple.sigs[i].sig_len);
                        if (!p)
John Crispins staging tree