Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ef58bccab7c7ef34451aa4ceea39545ef126b666
Commit:     ef58bccab7c7ef34451aa4ceea39545ef126b666
Parent:     a5dd06313dbcec3a2c8a5e4a6f3ddb2a8fc72ec9
Author:     Al Viro <[EMAIL PROTECTED]>
AuthorDate: Fri Jan 25 23:22:26 2008 -0500
Committer:  David Teigland <[EMAIL PROTECTED]>
CommitDate: Mon Feb 4 01:26:31 2008 -0600

    dlm: make find_rsb() fail gracefully when namelen is too large
    
    We *can* get there from receive_request() and dlm_recover_master_copy()
    with namelen too large if incoming request is invalid; BUG() from
    DLM_ASSERT() in allocate_rsb() is a bit excessive reaction to that
    and in case of dlm_recover_master_copy() we would actually oops before
    that while calculating hash of up to 64Kb worth of data - with data
    actually being 64 _bytes_ in kmalloc()'ed struct.
    
    Signed-off-by: Al Viro <[EMAIL PROTECTED]>
    Signed-off-by: David Teigland <[EMAIL PROTECTED]>
---
 fs/dlm/lock.c |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c
index 0593dd8..6d98cf9 100644
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -436,11 +436,15 @@ static int find_rsb(struct dlm_ls *ls, char *name, int 
namelen,
 {
        struct dlm_rsb *r, *tmp;
        uint32_t hash, bucket;
-       int error = 0;
+       int error = -EINVAL;
+
+       if (namelen > DLM_RESNAME_MAXLEN)
+               goto out;
 
        if (dlm_no_directory(ls))
                flags |= R_CREATE;
 
+       error = 0;
        hash = jhash(name, namelen, 0);
        bucket = hash & (ls->ls_rsbtbl_size - 1);
 
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to