Re: dm snap : add sanity checks to snapshot_ctr

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 25 2020 at  1:48am -0500,
Defang Bo <bodefang@xxxxxxx> wrote:

> Similar to commit<70de2cbd>,there should be a check for argc and argv to prevent Null pointer dereferencing
> when the dm_get_device invoked twice on the same device path with differnt mode.
> 
> Signed-off-by: Defang Bo <bodefang@xxxxxxx>
> ---
>  drivers/md/dm-snap.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
> index 4668b2c..dccce8b 100644
> --- a/drivers/md/dm-snap.c
> +++ b/drivers/md/dm-snap.c
> @@ -1258,6 +1258,13 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv)
>  
>  	as.argc = argc;
>  	as.argv = argv;
> +
> +	if (!strcmp(argv[0], argv[1])) {
> +		ti->error = "Error setting metadata or data device";
> +		r = -EINVAL;
> +		goto bad;
> +	}
> +
>  	dm_consume_args(&as, 4);
>  	r = parse_snapshot_features(&as, s, ti);
>  	if (r)
> -- 
> 2.7.4
> 

We already have this later in snapshot_ctr:

        if (cow_dev && cow_dev == origin_dev) {
                ti->error = "COW device cannot be the same as origin device";
                r = -EINVAL;
                goto bad_cow;
        }

Which happens before the 2nd dm_get_device() for the cow device.  So
I'm not seeing how you could experience the NULL pointer you say is
possible.

Mike

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel




[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux