diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2014-10-22 17:23:07 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-10-29 16:33:11 +0800 |
commit | 87ebccf97f54fe20c0a8a86e21164473cc7d57e1 (patch) | |
tree | 97c1af9d5e16a20c95479d6e48f9a301768f7f68 /drivers/staging/lustre | |
parent | 85bcfab46955e6f4bcfd08ffb989f941e003da2a (diff) | |
download | op-kernel-dev-87ebccf97f54fe20c0a8a86e21164473cc7d57e1.zip op-kernel-dev-87ebccf97f54fe20c0a8a86e21164473cc7d57e1.tar.gz |
staging: lustre: validate size in ll_setxattr()
If size is smaller than the lov_user_md struct then we are reading
beyond the end of the buffer. I guess this is an information leak or it
could cause an Oops if the memory is not mapped.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging/lustre')
-rw-r--r-- | drivers/staging/lustre/lustre/llite/xattr.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index 252a619..3ad9796 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -234,6 +234,9 @@ int ll_setxattr(struct dentry *dentry, const char *name, struct lov_user_md *lump = (struct lov_user_md *)value; int rc = 0; + if (size != 0 && size < sizeof(struct lov_user_md)) + return -EINVAL; + /* Attributes that are saved via getxattr will always have * the stripe_offset as 0. Instead, the MDS should be * allowed to pick the starting OST index. b=17846 */ |