Signed-off-by: Martin Wilck <mwilck@xxxxxxxx> --- libmpathpersist/mpath_pr_ioctl.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libmpathpersist/mpath_pr_ioctl.c b/libmpathpersist/mpath_pr_ioctl.c index c4f4ccd..cf528fe 100644 --- a/libmpathpersist/mpath_pr_ioctl.c +++ b/libmpathpersist/mpath_pr_ioctl.c @@ -211,7 +211,8 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy) unsigned char *p; char *ppbuff; uint32_t additional_length; - + char tempbuff[MPATH_MAX_PARAM_LEN]; + struct prin_fulldescr fdesc; convert_be32_to_cpu(&pr_buff->prin_descriptor.prin_readfd.prgeneration); convert_be32_to_cpu(&pr_buff->prin_descriptor.prin_readfd.number_of_descriptor); @@ -223,9 +224,12 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy) } additional_length = pr_buff->prin_descriptor.prin_readfd.number_of_descriptor; + if (additional_length > MPATH_MAX_PARAM_LEN) { + condlog(3, "PRIN length %u exceeds max length %d", additional_length, + MPATH_MAX_PARAM_LEN); + return; + } - char tempbuff[MPATH_MAX_PARAM_LEN]; - struct prin_fulldescr fdesc; memset(&fdesc, 0, sizeof(struct prin_fulldescr)); memcpy( tempbuff, pr_buff->prin_descriptor.prin_readfd.private_buffer,MPATH_MAX_PARAM_LEN ); -- 2.19.2 -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel