linux/net/ceph
Xi Wang a550604950 libceph: fix overflow in osdmap_apply_incremental()
On 32-bit systems, a large `pglen' would overflow `pglen*sizeof(u32)'
and bypass the check ceph_decode_need(p, end, pglen*sizeof(u32), bad).
It would also overflow the subsequent kmalloc() size, leading to
out-of-bounds write.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Alex Elder <elder@inktank.com>
2012-06-07 08:28:16 -05:00
..
crush crush: fix memory leak when destroying tree buckets 2012-05-07 15:39:36 -07:00
armor.c libceph: Fix base64-decoding when input ends in newline. 2011-03-15 09:14:02 -07:00
auth_none.c ceph: messenger: reduce args to create_authorizer 2012-05-17 08:18:12 -05:00
auth_none.h ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
auth_x_protocol.h ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
auth_x.c ceph: messenger: reduce args to create_authorizer 2012-05-17 08:18:12 -05:00
auth_x.h ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
auth.c ceph: Move secret key parsing earlier. 2011-03-29 12:11:16 -07:00
buffer.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
ceph_common.c libceph: embed ceph messenger structure in ceph_client 2012-06-01 08:37:56 -05:00
ceph_fs.c ceph: fix file mode calculation 2011-07-19 11:25:04 -07:00
ceph_hash.c ceph: add dir_layout to inode 2011-01-12 15:15:12 -08:00
ceph_strings.c ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
crypto.c ceph: Use kmemdup rather than duplicating its implementation 2012-01-10 08:56:54 -08:00
crypto.h libceph: Create a new key type "ceph". 2011-03-29 12:11:24 -07:00
debugfs.c rbd: introduce rados block device (rbd), based on libceph 2010-10-20 15:38:13 -07:00
Kconfig ceph: use kernel DNS resolver 2011-10-25 16:10:16 -07:00
Makefile Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
messenger.c rbd: Clear ceph_msg->bio_iter for retransmitted message 2012-06-07 08:27:33 -05:00
mon_client.c libceph: make ceph_con_revoke() a msg operation 2012-06-06 09:23:54 -05:00
msgpool.c libceph: don't complain on msgpool alloc failures 2011-10-25 16:10:15 -07:00
osd_client.c libceph: make ceph_con_revoke_message() a msg op 2012-06-06 09:23:55 -05:00
osdmap.c libceph: fix overflow in osdmap_apply_incremental() 2012-06-07 08:28:16 -05:00
pagelist.c ceph: fix num_pages_free accounting in pagelist 2010-10-20 15:38:23 -07:00
pagevec.c libceph: fix handling of short returns from get_user_pages 2011-03-03 13:47:39 -08:00