[dm-devel] [PATCH 10/12] libmpathpersist(coverity): range checking for PRIN length
Martin Wilck
mwilck at suse.com
Tue Jan 8 22:54:07 UTC 2019
Signed-off-by: Martin Wilck <mwilck at suse.com>
---
libmpathpersist/mpath_pr_ioctl.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/libmpathpersist/mpath_pr_ioctl.c b/libmpathpersist/mpath_pr_ioctl.c
index c4f4ccd..cf528fe 100644
--- a/libmpathpersist/mpath_pr_ioctl.c
+++ b/libmpathpersist/mpath_pr_ioctl.c
@@ -211,7 +211,8 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy)
unsigned char *p;
char *ppbuff;
uint32_t additional_length;
-
+ char tempbuff[MPATH_MAX_PARAM_LEN];
+ struct prin_fulldescr fdesc;
convert_be32_to_cpu(&pr_buff->prin_descriptor.prin_readfd.prgeneration);
convert_be32_to_cpu(&pr_buff->prin_descriptor.prin_readfd.number_of_descriptor);
@@ -223,9 +224,12 @@ void mpath_format_readfullstatus(struct prin_resp *pr_buff, int len, int noisy)
}
additional_length = pr_buff->prin_descriptor.prin_readfd.number_of_descriptor;
+ if (additional_length > MPATH_MAX_PARAM_LEN) {
+ condlog(3, "PRIN length %u exceeds max length %d", additional_length,
+ MPATH_MAX_PARAM_LEN);
+ return;
+ }
- char tempbuff[MPATH_MAX_PARAM_LEN];
- struct prin_fulldescr fdesc;
memset(&fdesc, 0, sizeof(struct prin_fulldescr));
memcpy( tempbuff, pr_buff->prin_descriptor.prin_readfd.private_buffer,MPATH_MAX_PARAM_LEN );
--
2.19.2
More information about the dm-devel
mailing list