staging/lustre/llite: Fix integer overflow in ll_fid2path

Reported by Dan Carpenter <dan.carpenter@oracle.com> outsize = sizeof(*gfout) + gfin->gf_pathlen; Where outsize is int and gf_pathlen is u32 from userspace can lead to integer overflowwhere outsize is some small number less than sizeof(*gfout) Add a check for pathlen to be of sensical size. Signed-off-by: Oleg Drokin <oleg.drokin@intel.com> Reviewed-on: http://review.whamcloud.com/11412 Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5476 Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com> Reviewed-by: John L. Hammond <john.hammond@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Oleg Drokin <green@linuxhacker.ru> 2014-08-15 20:48:13 +0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2014-08-17 20:38:43 +0400
commit: c7b09efacf54210be511450768c0ee98071feb7f (patch)
tree: c76ff1da2a1f35bbd59c614dbf2115214721a0aa
parent: 2b358b4ea5b2912726d872611089e790a8388b62 (diff)
download: linux-c7b09efacf54210be511450768c0ee98071feb7f.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/staging/lustre/lustre/llite/file.c b/drivers/staging/lustre/lustre/llite/file.c
index d3874e1afba8..4a33638bef25 100644
--- a/drivers/staging/lustre/lustre/llite/file.c
+++ b/drivers/staging/lustre/lustre/llite/file.c
@@ -1719,6 +1719,9 @@ int ll_fid2path(struct inode *inode, void __user *arg)
 	if (get_user(pathlen, &gfin->gf_pathlen))
 		return -EFAULT;
 
+	if (pathlen > PATH_MAX)
+		return -EINVAL;
+
 	outsize = sizeof(*gfout) + pathlen;
 
 	OBD_ALLOC(gfout, outsize);
author	Oleg Drokin <green@linuxhacker.ru>	2014-08-15 20:48:13 +0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2014-08-17 20:38:43 +0400
commit	c7b09efacf54210be511450768c0ee98071feb7f (patch)
tree	c76ff1da2a1f35bbd59c614dbf2115214721a0aa
parent	2b358b4ea5b2912726d872611089e790a8388b62 (diff)
download	linux-c7b09efacf54210be511450768c0ee98071feb7f.tar.xz