Signed-off-by: Martin Wilck <mwilck@xxxxxxxx>
---
libmpathpersist/mpath_pr_ioctl.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/libmpathpersist/mpath_pr_ioctl.c b/libmpathpersist/mpath_pr_ioctl.c
index c4f4ccd..cf528fe 100644
--- a/libmpathpersist/mpath_pr_ioctl.c
+++ b/libmpathpersist/mpath_pr_ioctl.c
@@ -211,7 +211,8 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy)
unsigned char *p;
char *ppbuff;
uint32_t additional_length;
-
+ char tempbuff[MPATH_MAX_PARAM_LEN];
+ struct prin_fulldescr fdesc;
convert_be32_to_cpu(&pr_buff->prin_descriptor.prin_readfd.prgeneration);
convert_be32_to_cpu(&pr_buff->prin_descriptor.prin_readfd.number_of_descriptor);
@@ -223,9 +224,12 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy)
}
additional_length = pr_buff->prin_descriptor.prin_readfd.number_of_descriptor;
+ if (additional_length > MPATH_MAX_PARAM_LEN) {
+ condlog(3, "PRIN length %u exceeds max length %d", additional_length,
+ MPATH_MAX_PARAM_LEN);
+ return;
+ }
- char tempbuff[MPATH_MAX_PARAM_LEN];
- struct prin_fulldescr fdesc;
memset(&fdesc, 0, sizeof(struct prin_fulldescr));
memcpy( tempbuff, pr_buff->prin_descriptor.prin_readfd.private_buffer,MPATH_MAX_PARAM_LEN );
--
2.19.2
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
