On Sun, Feb 11, 2018 at 2:33 AM, Chengguang Xu <cgxu519@xxxxxxxxxx> wrote:
> num_mon should allow up to CEPH_MAX_MON in ceph_monmap_decode().
>
> Signed-off-by: Chengguang Xu <cgxu519@xxxxxxxxxx>
> ---
> net/ceph/mon_client.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c
> index 1547107..b3dac24 100644
> --- a/net/ceph/mon_client.c
> +++ b/net/ceph/mon_client.c
> @@ -60,7 +60,7 @@ struct ceph_monmap *ceph_monmap_decode(void *p, void *end)
> num_mon = ceph_decode_32(&p);
> ceph_decode_need(&p, end, num_mon*sizeof(m->mon_inst[0]), bad);
>
> - if (num_mon >= CEPH_MAX_MON)
> + if (num_mon > CEPH_MAX_MON)
> goto bad;
> m = kmalloc(sizeof(*m) + sizeof(m->mon_inst[0])*num_mon, GFP_NOFS);
> if (m == NULL)
Applied.
Thanks,
Ilya
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
