[patch 2/2] staging: lustre: validate size in ll_setxattr()

Drokin, Oleg oleg.drokin at intel.com
Wed Oct 22 13:53:15 UTC 2014


On Oct 22, 2014, at 6:32 AM, Dan Carpenter wrote:
>> In that case, size == 0 seems to be the wrong value size for an lov param
>> as well.
> I don't know about this.  The code is very clear that size == 0 is
> acceptable inside the if statement.  Oleg?

I am not sure what if statement do you mean?
If it's the "if ((strncmp(name, XATTR_TRUSTED_PREFIX," one then size of 0
does seem to be incorrect:

                struct lov_user_md *lump = (struct lov_user_md *)value; 
// (I hope this is not a user pointer?)
                if (lump != NULL && lump->lmm_stripe_offset == 0)
                        lump->lmm_stripe_offset = -1;
// So, if lump is 0, we are already accessing past allowed range
                        int lum_size = (lump->lmm_magic == LOV_USER_MAGIC_V1) ?
and again…


More information about the devel mailing list