[patch 2/2] staging: lustre: validate size in ll_setxattr()

Dan Carpenter dan.carpenter at oracle.com
Wed Oct 22 14:09:15 UTC 2014


On Wed, Oct 22, 2014 at 01:53:15PM +0000, Drokin, Oleg wrote:
> Hello!
> 
> On Oct 22, 2014, at 6:32 AM, Dan Carpenter wrote:
> >> In that case, size == 0 seems to be the wrong value size for an lov param
> >> as well.
> > I don't know about this.  The code is very clear that size == 0 is
> > acceptable inside the if statement.  Oleg?
> 
> I am not sure what if statement you mean?
> If it's the "if ((strncmp(name, XATTR_TRUSTED_PREFIX," one then size of 0
> does seem to be incorrect:
> 
>                 struct lov_user_md *lump = (struct lov_user_md *)value; 
> // (I hope this is not a user pointer?)

It's not.

>                 if (lump != NULL && lump->lmm_stripe_offset == 0)
>                         lump->lmm_stripe_offset = -1;
> // So, if lump is 0, we are already accessing past allowed range

If size is zero then lump is NULL and the existing code is very careful
to test for that and avoid NULL dereferences.  I think that Andrew is
saying that it doesn't make sense for lump to be NULL.

Anyway, let me send a v2 which fixes the bug and leaves lump == NULL as
is.

regards,
dan carpenter
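
Added example (not part of the original message or the Lustre source): a user-space sketch of the check discussed above, where size == 0 still means lump == NULL but a non-empty buffer shorter than the structure is rejected before lmm_stripe_offset is read. The struct layout, the demo_ names and the -EINVAL return value are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-in for struct lov_user_md: only lmm_stripe_offset is named in the
 * thread; the other field and the layout are assumptions for this sketch. */
struct demo_lov_user_md {
    uint32_t lmm_magic;          /* assumed placeholder field */
    uint16_t lmm_stripe_offset;  /* field touched by the quoted code */
};

/*
 * Hypothetical helper modelling the size check.
 * value/size are the xattr buffer and its length as handed to setxattr.
 * Returns 0 on success, -EINVAL (assumed error code) when a non-empty
 * buffer is too short to hold the structure.
 */
int demo_fixup_lov(void *value, size_t size)
{
    struct demo_lov_user_md *lump;

    /* size == 0 is kept as the "no layout" case: lump stays NULL. */
    if (size == 0)
        value = NULL;

    /* A non-empty buffer must cover the whole struct before any field
     * is read; otherwise the access below runs past the caller's data. */
    if (value != NULL && size < sizeof(struct demo_lov_user_md))
        return -EINVAL;

    lump = value;
    if (lump != NULL && lump->lmm_stripe_offset == 0)
        lump->lmm_stripe_offset = (uint16_t)-1;

    return 0;
}
```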
