diff options
author | Christoph Hellwig <hch@lst.de> | 2015-08-17 19:40:59 +0300 |
---|---|---|
committer | Trond Myklebust <trond.myklebust@primarydata.com> | 2015-08-17 21:22:49 +0300 |
commit | 2bd3c63a333c364cfde4701b51f82e1fae106a88 (patch) | |
tree | 5282101721bb074c7b77efb5a88939467a379c03 /fs | |
parent | 68596bd188e5e621c28a2f6fc0a3dd80a606d16b (diff) | |
download | linux-2bd3c63a333c364cfde4701b51f82e1fae106a88.tar.xz |
pnfs/blocklayout: reject too long signatures
Instead of overwriting kernel memory reject too long signatures.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/nfs/blocklayout/dev.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/nfs/blocklayout/dev.c b/fs/nfs/blocklayout/dev.c index e535599a0719..d76993a42432 100644 --- a/fs/nfs/blocklayout/dev.c +++ b/fs/nfs/blocklayout/dev.c @@ -65,6 +65,11 @@ nfs4_block_decode_volume(struct xdr_stream *xdr, struct pnfs_block_volume *b) return -EIO; p = xdr_decode_hyper(p, &b->simple.sigs[i].offset); b->simple.sigs[i].sig_len = be32_to_cpup(p++); + if (b->simple.sigs[i].sig_len > PNFS_BLOCK_UUID_LEN) { + pr_info("signature too long: %d\n", + b->simple.sigs[i].sig_len); + return -EIO; + } p = xdr_inline_decode(xdr, b->simple.sigs[i].sig_len); if (!p) |