dlm: receive_rcom_lock_args() overflow check

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Teigland <teigland@redhat.com>
This commit is contained in:
Al Viro 2008-01-25 20:22:22 -05:00 committed by David Teigland
parent ae773d0b74
commit a5dd06313d
1 changed files with 4 additions and 3 deletions

View File

@ -4271,7 +4271,6 @@ static int receive_rcom_lock_args(struct dlm_ls *ls, struct dlm_lkb *lkb,
struct dlm_rsb *r, struct dlm_rcom *rc) struct dlm_rsb *r, struct dlm_rcom *rc)
{ {
struct rcom_lock *rl = (struct rcom_lock *) rc->rc_buf; struct rcom_lock *rl = (struct rcom_lock *) rc->rc_buf;
int lvblen;
lkb->lkb_nodeid = rc->rc_header.h_nodeid; lkb->lkb_nodeid = rc->rc_header.h_nodeid;
lkb->lkb_ownpid = le32_to_cpu(rl->rl_ownpid); lkb->lkb_ownpid = le32_to_cpu(rl->rl_ownpid);
@ -4288,11 +4287,13 @@ static int receive_rcom_lock_args(struct dlm_ls *ls, struct dlm_lkb *lkb,
lkb->lkb_astaddr = (void *) (long) (rl->rl_asts & AST_COMP); lkb->lkb_astaddr = (void *) (long) (rl->rl_asts & AST_COMP);
if (lkb->lkb_exflags & DLM_LKF_VALBLK) { if (lkb->lkb_exflags & DLM_LKF_VALBLK) {
int lvblen = rc->rc_header.h_length - sizeof(struct dlm_rcom) -
sizeof(struct rcom_lock);
if (lvblen > ls->ls_lvblen)
return -EINVAL;
lkb->lkb_lvbptr = dlm_allocate_lvb(ls); lkb->lkb_lvbptr = dlm_allocate_lvb(ls);
if (!lkb->lkb_lvbptr) if (!lkb->lkb_lvbptr)
return -ENOMEM; return -ENOMEM;
lvblen = rc->rc_header.h_length - sizeof(struct dlm_rcom) -
sizeof(struct rcom_lock);
memcpy(lkb->lkb_lvbptr, rl->rl_lvb, lvblen); memcpy(lkb->lkb_lvbptr, rl->rl_lvb, lvblen);
} }