leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

staging: lustre: check for integer overflow

Browse Source 
In ll_ioctl_fiemap(), a user-supplied value is used to calculate a
length of a buffer which is later allocated with user data.

Signed-off-by: Vitaly Osipov <vitaly.osipov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Vitaly Osipov 2014-04-27 01:08:21 +10:00 committed by Greg Kroah-Hartman
parent 37aa48368f
commit 7bc3dfa37b
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drivers/staging/lustre/lustre/llite/file.c
View File

@ -1829,6 +1829,10 @@ static int ll_ioctl_fiemap(struct inode *inode, unsigned long arg)
if (get_user(extent_count, if (get_user(extent_count,
&((struct ll_user_fiemap __user *)arg)->fm_extent_count)) &((struct ll_user_fiemap __user *)arg)->fm_extent_count))
return -EFAULT; return -EFAULT;
if (extent_count >=
(SIZE_MAX - sizeof(*fiemap_s)) / sizeof(struct ll_fiemap_extent))
return -EINVAL;
num_bytes = sizeof(*fiemap_s) + (extent_count * num_bytes = sizeof(*fiemap_s) + (extent_count *
sizeof(struct ll_fiemap_extent)); sizeof(struct ll_fiemap_extent));