On Sun, Jun 24, 2018 at 3:06 PM Chengguang Xu <cgxu519@xxxxxxx> wrote:
>
> ceph_pagelist_encode_string() should only handle string which is not
> longer than U32_MAX. However, the type size_t in 64bit environment
> will be 64bit unsigned long. So add a check of string length and return
> error when failing from the check.
>
> Signed-off-by: Chengguang Xu <cgxu519@xxxxxxx>
> ---
> v2:
> - Return error instead of crashing kernel when string length is longer than
> U32_MAX.
>
> include/linux/ceph/pagelist.h | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/ceph/pagelist.h b/include/linux/ceph/pagelist.h
> index 7edcded07641..66e8ad834262 100644
> --- a/include/linux/ceph/pagelist.h
> +++ b/include/linux/ceph/pagelist.h
> @@ -70,7 +70,11 @@ static inline int ceph_pagelist_encode_8(struct ceph_pagelist *pl, u8 v)
> static inline int ceph_pagelist_encode_string(struct ceph_pagelist *pl,
> char *s, size_t len)
> {
> - int ret = ceph_pagelist_encode_32(pl, len);
> + int ret;
> +
> + if (len > U32_MAX)
> + return -ERANGE;
> + ret = ceph_pagelist_encode_32(pl, len);
> if (ret)
> return ret;
> if (len)
Applied.
Thanks,
Ilya
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
