Searched hist:ad3b904c (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/net/ceph/ |
| H A D | osdmap.c | ad3b904c Wed Jun 06 19:35:55 CDT 2012 Xi Wang <xi.wang@gmail.com> libceph: fix overflow in __decode_pool_names()
`len' is read from network and thus needs validation. Otherwise a
large `len' would cause out-of-bounds access via the memcpy() call.
In addition, len = 0xffffffff would overflow the kmalloc() size,
leading to out-of-bounds write.
This patch adds a check of `len' via ceph_decode_need(). Also use
kstrndup rather than kmalloc/memcpy.
[elder@inktank.com: added -ENOMEM return for null kstrndup() result]
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Alex Elder <elder@inktank.com>
ad3b904c Wed Jun 06 19:35:55 CDT 2012 Xi Wang <xi.wang@gmail.com> libceph: fix overflow in __decode_pool_names()
`len' is read from network and thus needs validation. Otherwise a
large `len' would cause out-of-bounds access via the memcpy() call.
In addition, len = 0xffffffff would overflow the kmalloc() size,
leading to out-of-bounds write.
This patch adds a check of `len' via ceph_decode_need(). Also use
kstrndup rather than kmalloc/memcpy.
[elder@inktank.com: added -ENOMEM return for null kstrndup() result]
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Alex Elder <elder@inktank.com>
|