ceph_pagelist_encode_string() should only handle strings which are not longer than U32_MAX. However, the type size_t in a 64bit environment will be a 64bit unsigned long. So add a check of the string length and return an error when the check fails. Signed-off-by: Chengguang Xu <cgxu519@xxxxxxx> --- v2: - Return error instead of crashing kernel when string length is longer than U32_MAX. include/linux/ceph/pagelist.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/ceph/pagelist.h b/include/linux/ceph/pagelist.h index 7edcded07641..66e8ad834262 100644 --- a/include/linux/ceph/pagelist.h +++ b/include/linux/ceph/pagelist.h @@ -70,7 +70,11 @@ static inline int ceph_pagelist_encode_8(struct ceph_pagelist *pl, u8 v) static inline int ceph_pagelist_encode_string(struct ceph_pagelist *pl, char *s, size_t len) { - int ret = ceph_pagelist_encode_32(pl, len); + int ret; + + if (len > U32_MAX) + return -ERANGE; + ret = ceph_pagelist_encode_32(pl, len); if (ret) return ret; if (len) -- 2.17.1
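Review bot: The new `if (len > U32_MAX)` check in ceph_pagelist_encode_string() carries no comment saying why the bound exists, and the call that follows still relies on an implicit narrowing of `len`. A one-line comment that the string length is encoded as a 32-bit value would help the next reader, and passing `(u32)len` to ceph_pagelist_encode_32() after the check would make the now-safe conversion explicit. Where size_t is 32 bits wide the comparison is always false, which is harmless but can draw a type-limits warning from some compilers. The function can now return -ERANGE before anything is appended to the pagelist, so its callers, which are not visible in this hunk, should be checked to confirm they propagate the return value rather than ignore it.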