summaryrefslogtreecommitdiffstats
path: root/fs/nfs/blocklayout
diff options
context:
space:
mode:
authorChristoph Hellwig <hch@lst.de>2015-08-17 18:40:59 +0200
committerTrond Myklebust <trond.myklebust@primarydata.com>2015-08-17 13:22:49 -0500
commit2bd3c63a333c364cfde4701b51f82e1fae106a88 (patch)
tree5282101721bb074c7b77efb5a88939467a379c03 /fs/nfs/blocklayout
parent68596bd188e5e621c28a2f6fc0a3dd80a606d16b (diff)
downloadlinux-2bd3c63a333c364cfde4701b51f82e1fae106a88.tar.bz2
pnfs/blocklayout: reject too long signatures
Instead of overwriting kernel memory reject too long signatures. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Diffstat (limited to 'fs/nfs/blocklayout')
-rw-r--r--fs/nfs/blocklayout/dev.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/nfs/blocklayout/dev.c b/fs/nfs/blocklayout/dev.c
index e535599a0719..d76993a42432 100644
--- a/fs/nfs/blocklayout/dev.c
+++ b/fs/nfs/blocklayout/dev.c
@@ -65,6 +65,11 @@ nfs4_block_decode_volume(struct xdr_stream *xdr, struct pnfs_block_volume *b)
return -EIO;
p = xdr_decode_hyper(p, &b->simple.sigs[i].offset);
b->simple.sigs[i].sig_len = be32_to_cpup(p++);
+ if (b->simple.sigs[i].sig_len > PNFS_BLOCK_UUID_LEN) {
+ pr_info("signature too long: %d\n",
+ b->simple.sigs[i].sig_len);
+ return -EIO;
+ }
p = xdr_inline_decode(xdr, b->simple.sigs[i].sig_len);
if (!p)