From: Liang Zhen <liang.zhen@xxxxxxxxx> Ensure that user land data is at least the smallest size. Signed-off-by: Liang Zhen <liang.zhen@xxxxxxxxx> Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5435 Reviewed-on: http://review.whamcloud.com/11313 Reviewed-by: Bobi Jam <bobijam@xxxxxxxxx> Reviewed-by: Johann Lombardi <johann.lombardi@xxxxxxxxx> Reviewed-by: Oleg Drokin <oleg.drokin@xxxxxxxxx> --- .../lustre/lnet/libcfs/linux/linux-module.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/drivers/staging/lustre/lnet/libcfs/linux/linux-module.c b/drivers/staging/lustre/lnet/libcfs/linux/linux-module.c index 35e2fcf..ae05895 100644 --- a/drivers/staging/lustre/lnet/libcfs/linux/linux-module.c +++ b/drivers/staging/lustre/lnet/libcfs/linux/linux-module.c @@ -73,6 +73,11 @@ int libcfs_ioctl_getdata(struct libcfs_ioctl_hdr **hdr_pp, return -EINVAL; } + if (hdr.ioc_len < sizeof(struct libcfs_ioctl_data)) { + CERROR("libcfs ioctl: user buffer too small for ioctl\n"); + return -EINVAL; + } + if (hdr.ioc_len > LIBCFS_IOC_DATA_MAX) { CERROR("libcfs ioctl: user buffer is too large %d/%d\n", hdr.ioc_len, LIBCFS_IOC_DATA_MAX); -- 1.7.1 _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
