[PATCH 18/39] libmpathcmd: limit size of the CLI buffer

A malicious program might inject a large buffer via the CLI and
cause the daemon to abort due to OOM.
So limit the maximum CLI buffer size to 64k.
Found by Coverity.

Signed-off-by: Hannes Reinecke <hare@xxxxxxxx>
---
 libmpathcmd/mpath_cmd.c | 2 ++
 libmpathcmd/mpath_cmd.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/libmpathcmd/mpath_cmd.c b/libmpathcmd/mpath_cmd.c
index 1aaf5ea..2290ecb 100644
--- a/libmpathcmd/mpath_cmd.c
+++ b/libmpathcmd/mpath_cmd.c
@@ -142,6 +142,8 @@ int mpath_recv_reply(int fd, char **reply, unsigned int timeout)
 	len = mpath_recv_reply_len(fd, timeout);
 	if (len <= 0)
 		return len;
+	if (len > MAX_REPLY_LEN)
+		return -EINVAL;
 	*reply = malloc(len);
 	if (!*reply)
 		return -1;
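
Review bot: the new `len > MAX_REPLY_LEN` branch in mpath_recv_reply()
returns -EINVAL, while the malloc failure directly below it returns -1, so
a caller that only compares the result against -1 will not recognise the
oversized-reply case. Either return -1 with errno set to EINVAL, or state
the negative-errno return in the function's documentation. The hunk adds no
#include, so confirm that mpath_cmd.c already pulls in <errno.h>. This path
also returns after mpath_recv_reply_len() has presumably consumed the length
header but before any payload is read, so the announced bytes may still be
queued on fd; the caller should treat the socket as unusable and close it on
this error.
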
diff --git a/libmpathcmd/mpath_cmd.h b/libmpathcmd/mpath_cmd.h
index 4ec0291..f33f000 100644
--- a/libmpathcmd/mpath_cmd.h
+++ b/libmpathcmd/mpath_cmd.h
@@ -28,6 +28,7 @@ extern "C" {
 
 #define DEFAULT_SOCKET		"/org/kernel/linux/storage/multipathd"
 #define DEFAULT_REPLY_TIMEOUT	1000
+#define MAX_REPLY_LEN		65536
 
 
 /*
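
Review bot: MAX_REPLY_LEN is added to the header without a comment giving
its unit or saying whether the bound is inclusive; with the
`len > MAX_REPLY_LEN` test in mpath_cmd.c, a reply of exactly 65536 bytes is
still accepted. Add a one-line comment (maximum reply size in bytes,
inclusive) next to the define, and consider a library-specific prefix, since
the name is exported to every file that includes mpath_cmd.h.
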
-- 
2.6.6

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel


