Message ID | 20180624130603.16782-1-cgxu519@gmx.com (mailing list archive) |
---|---|
State | New, archived |
On Sun, Jun 24, 2018 at 3:06 PM Chengguang Xu <cgxu519@gmx.com> wrote: > > ceph_pagelist_encode_string() should only handle string which is not > longer than U32_MAX. However, the type size_t in 64bit environment > will be 64bit unsigned long. So add a check of string length and return > error when failing from the check. > > Signed-off-by: Chengguang Xu <cgxu519@gmx.com> > --- > v2: > - Return error instead of crashing kernel when string length is longer than > U32_MAX. > > include/linux/ceph/pagelist.h | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/include/linux/ceph/pagelist.h b/include/linux/ceph/pagelist.h > index 7edcded07641..66e8ad834262 100644 > --- a/include/linux/ceph/pagelist.h > +++ b/include/linux/ceph/pagelist.h > @@ -70,7 +70,11 @@ static inline int ceph_pagelist_encode_8(struct ceph_pagelist *pl, u8 v) > static inline int ceph_pagelist_encode_string(struct ceph_pagelist *pl, > char *s, size_t len) > { > - int ret = ceph_pagelist_encode_32(pl, len); > + int ret; > + > + if (len > U32_MAX) > + return -ERANGE; > + ret = ceph_pagelist_encode_32(pl, len); > if (ret) > return ret; > if (len) Applied. Thanks, Ilya
diff --git a/include/linux/ceph/pagelist.h b/include/linux/ceph/pagelist.h index 7edcded07641..66e8ad834262 100644 --- a/include/linux/ceph/pagelist.h +++ b/include/linux/ceph/pagelist.h @@ -70,7 +70,11 @@ static inline int ceph_pagelist_encode_8(struct ceph_pagelist *pl, u8 v) static inline int ceph_pagelist_encode_string(struct ceph_pagelist *pl, char *s, size_t len) { - int ret = ceph_pagelist_encode_32(pl, len); + int ret; + + if (len > U32_MAX) + return -ERANGE; + ret = ceph_pagelist_encode_32(pl, len); if (ret) return ret; if (len)
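Review bot: the new `if (len > U32_MAX)` check in ceph_pagelist_encode_string() carries no comment saying why the bound exists, and the `ceph_pagelist_encode_32(pl, len)` call that follows still narrows a size_t implicitly. A one-line comment that the length prefix is encoded as 32 bits, plus an explicit `(u32)len` at the call, would make the intent visible to the next reader. Placing the check ahead of the first encode is right, since an oversized length is rejected before anything is appended to the pagelist. On 32-bit builds the comparison can never be true, because size_t cannot exceed U32_MAX there, so it is worth confirming it does not raise a type-limits warning. Callers that only expected the errors from the encode helpers will now also see -ERANGE from this function.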
ceph_pagelist_encode_string() should only handle string which is not longer than U32_MAX. However, the type size_t in 64bit environment will be 64bit unsigned long. So add a check of string length and return error when failing from the check. Signed-off-by: Chengguang Xu <cgxu519@gmx.com> --- v2: - Return error instead of crashing kernel when string length is longer than U32_MAX. include/linux/ceph/pagelist.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)