OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

staging: lustre: validate size in ll_setxattr() 

If size is smaller than the lov_user_md struct then we are reading
beyond the end of the buffer.  I guess this is an information leak or it
could cause an Oops if the memory is not mapped.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Dan Carpenter 2014-10-22 17:23:07 +03:00 committed by Greg Kroah-Hartman
parent 85bcfab469
commit 87ebccf97f
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/staging/lustre/lustre/llite/xattr.c
View File

@ -234,6 +234,9 @@ int ll_setxattr(struct dentry *dentry, const char *name,
struct lov_user_md *lump = (struct lov_user_md *)value;
int rc = 0;
if (size != 0 && size < sizeof(struct lov_user_md))
return -EINVAL;
/* Attributes that are saved via getxattr will always have
* the stripe_offset as 0. Instead, the MDS should be
* allowed to pick the starting OST index. b=17846 */