staging: lustre: validate size in ll_setxattr()
If size is smaller than the lov_user_md struct then we are reading beyond the end of the buffer. I guess this is an information leak or it could cause an Oops if the memory is not mapped. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
85bcfab469
commit
87ebccf97f
|
@ -234,6 +234,9 @@ int ll_setxattr(struct dentry *dentry, const char *name,
|
|||
struct lov_user_md *lump = (struct lov_user_md *)value;
|
||||
int rc = 0;
|
||||
|
||||
if (size != 0 && size < sizeof(struct lov_user_md))
|
||||
return -EINVAL;
|
||||
|
||||
/* Attributes that are saved via getxattr will always have
|
||||
* the stripe_offset as 0. Instead, the MDS should be
|
||||
* allowed to pick the starting OST index. b=17846 */
|
||||
|
|
Loading…
Reference in New Issue