This patch adds an additional check inside the dlm locking from user space functionality that the namelen isn't above the maximum allowed dlm resource name length. If the namelen is above the maximum allowed, we have an invalid state and out of buffer access can occur. Cutting off the namelen attribute to the maximum size is not an option because we might run into name conflicts and the user should be made aware of that.
Signed-off-by: Alexander Aring <aahri...@redhat.com> --- fs/dlm/user.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/dlm/user.c b/fs/dlm/user.c index e5cefa90b1ce..9f2f743eeb31 100644 --- a/fs/dlm/user.c +++ b/fs/dlm/user.c @@ -241,6 +241,9 @@ static int device_user_lock(struct dlm_user_proc *proc, uint32_t lkid; int error = -ENOMEM; + if (params->namelen > DLM_RESNAME_MAXLEN) + return -EINVAL; + ls = dlm_find_lockspace_local(proc->lockspace); if (!ls) return -ENOENT; -- 2.26.2
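Review bot: The new `if (params->namelen > DLM_RESNAME_MAXLEN)` check at the top of device_user_lock() returns a bare -EINVAL with no indication of which parameter was rejected, while the commit message says the user should be made aware of an over-long name. A short comment above the check, and possibly a rate-limited log message, would make that intent visible. Placing the check before dlm_find_lockspace_local() is good, since nothing acquired so far has to be released on the early return. The hunk does not show the type of namelen, so please confirm it is unsigned (on a signed type a negative value would pass a `>` comparison), and check whether any other user-space entry point that takes a name length needs the same bound.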