[patch 2/2] staging: lustre: validate size in ll_setxattr()
oleg.drokin at intel.com
Wed Oct 22 13:53:15 UTC 2014
On Oct 22, 2014, at 6:32 AM, Dan Carpenter wrote:
>> In that case, size == 0 seems to be the wrong value size for an lov param
>> as well.
> I don't know about this. The code is very clear that size == 0 is
> acceptable inside the if statement. Oleg?
I am not sure which if statement you mean?
If it's the "if ((strncmp(name, XATTR_TRUSTED_PREFIX," one then size of 0
does seem to be incorrect:
        struct lov_user_md *lump = (struct lov_user_md *)value;
// (I hope this is not a user pointer?)
        if (lump != NULL && lump->lmm_stripe_offset == 0)
                lump->lmm_stripe_offset = -1;
// So, if lump is 0, we are already accessing past allowed range
        int lum_size = (lump->lmm_magic == LOV_USER_MAGIC_V1) ?
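The length check this reply argues for, as an added userspace example that is not part of the original message or the Lustre source: the buffer is rejected when `size` cannot cover the structure, before any field is read. `struct demo_lov_user_md`, `demo_fixup_stripe_offset()` and the magic value are hypothetical stand-ins; the real `struct lov_user_md` layout is not reproduced here.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the struct in the thread; NOT the real Lustre layout. */
struct demo_lov_user_md {
	uint32_t lmm_magic;
	uint16_t lmm_stripe_count;
	uint16_t lmm_stripe_offset;
};

/*
 * value/size mirror the setxattr() arguments discussed above.
 * Returns 0 on success, -EINVAL if the buffer cannot hold the structure.
 */
int demo_fixup_stripe_offset(void *value, size_t size)
{
	struct demo_lov_user_md lum;

	/* size == 0 or any short buffer: reading lmm_* would go past the data. */
	if (value == NULL || size < sizeof(lum))
		return -EINVAL;

	/* Work on a local copy so no field is read through an unchecked cast. */
	memcpy(&lum, value, sizeof(lum));
	if (lum.lmm_stripe_offset == 0)
		lum.lmm_stripe_offset = (uint16_t)-1;
	memcpy(value, &lum, sizeof(lum));
	return 0;
}

int main(void)
{
	/* Constructed sample input; the magic value is made up. */
	struct demo_lov_user_md lum = { 0x11111111u, 1, 0 };

	printf("size 0    -> %d\n", demo_fixup_stripe_offset(&lum, 0));
	printf("full size -> %d, offset now 0x%x\n",
	       demo_fixup_stripe_offset(&lum, sizeof(lum)),
	       (unsigned)lum.lmm_stripe_offset);
	return 0;
}
```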