Commit 7bc3dfa3 authored by Vitaly Osipov's avatar Vitaly Osipov Committed by Greg Kroah-Hartman

staging: lustre: check for integer overflow

In ll_ioctl_fiemap(), a user-supplied value is used to calculate a
length of a buffer which is later allocated with user data.
Signed-off-by: default avatarVitaly Osipov <vitaly.osipov@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 37aa4836
...@@ -1829,6 +1829,10 @@ static int ll_ioctl_fiemap(struct inode *inode, unsigned long arg) ...@@ -1829,6 +1829,10 @@ static int ll_ioctl_fiemap(struct inode *inode, unsigned long arg)
if (get_user(extent_count, if (get_user(extent_count,
&((struct ll_user_fiemap __user *)arg)->fm_extent_count)) &((struct ll_user_fiemap __user *)arg)->fm_extent_count))
return -EFAULT; return -EFAULT;
if (extent_count >=
(SIZE_MAX - sizeof(*fiemap_s)) / sizeof(struct ll_fiemap_extent))
return -EINVAL;
num_bytes = sizeof(*fiemap_s) + (extent_count * num_bytes = sizeof(*fiemap_s) + (extent_count *
sizeof(struct ll_fiemap_extent)); sizeof(struct ll_fiemap_extent));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment