hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

staging/lustre/llite: Fix integer overflow in ll_fid2path 

Reported by Dan Carpenter <dan.carpenter@oracle.com>

outsize = sizeof(*gfout) + gfin->gf_pathlen;

Where outsize is int and gf_pathlen is u32 from userspace
can lead to integer overflowwhere outsize is some small number
less than sizeof(*gfout)

Add a check for pathlen to be of sensical size.

Signed-off-by: Oleg Drokin <oleg.drokin@intel.com>
Reviewed-on: http://review.whamcloud.com/11412
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5476
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Oleg Drokin 2014-08-15 12:48:13 -04:00 committed by Greg Kroah-Hartman
parent 2b358b4ea5
commit c7b09efacf
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/staging/lustre/lustre/llite/file.c
View File

@ -1719,6 +1719,9 @@ int ll_fid2path(struct inode *inode, void __user *arg)
if (get_user(pathlen, &gfin->gf_pathlen))
return -EFAULT;
if (pathlen > PATH_MAX)
return -EINVAL;
outsize = sizeof(*gfout) + pathlen;
OBD_ALLOC(gfout, outsize);