[dm-devel] [PATCH 2/4] libmpathpersist: format_transportids(): avoid PROUT overflow
Martin Wilck
mwilck at suse.com
Sun Mar 15 00:14:12 UTC 2020
On Sat, 2020-03-14 at 18:15 -0500, Benjamin Marzinski wrote:
> On Sat, Mar 07, 2020 at 12:06:03AM +0100, mwilck at suse.com wrote:
> > From: Martin Wilck <mwilck at suse.com>
> >
> > This limits the PERSISTENT RESERVE OUT data size to max. 8192
> > bytes.
> >
> > Signed-off-by: Martin Wilck <mwilck at suse.com>
> > ---
> > libmpathpersist/mpath_pr_ioctl.c | 26 ++++++++++++++++++++++++--
> > 1 file changed, 24 insertions(+), 2 deletions(-)
> >
> > diff --git a/libmpathpersist/mpath_pr_ioctl.c
> > b/libmpathpersist/mpath_pr_ioctl.c
> > index 1a28cba7..8bf16c0d 100644
> > --- a/libmpathpersist/mpath_pr_ioctl.c
> > +++ b/libmpathpersist/mpath_pr_ioctl.c
> > @@ -1,5 +1,6 @@
> > #include <stdio.h>
> > #include <stdlib.h>
> > +#include <stddef.h>
> >
> > #include <sys/types.h>
> > #include <sys/stat.h>
> > @@ -138,38 +139,59 @@ retry :
> > return status;
> > }
> >
> > +#define check_overflow(ofs, n, start, label)
> > \
> > + do {
> > \
> > + if ((ofs) + 4 + (n) +
> > \
>
> I don't get where the 4 comes from here, since buff_offset starts
> at 4. Maybe I'm just missing something.
>
No. It's wrong, buff_offset includes these 4 bytes inded. Thanks for
spotting it. I'll resubmit the series.
Regards,
Martin
More information about the dm-devel
mailing list