[dm-devel] [PATCH 4/4] libmpathpersist: ABI change: limit data-in/out size to 8192 bytes
Martin Wilck
mwilck at suse.com
Sun Mar 15 00:27:49 UTC 2020
On Sat, 2020-03-14 at 19:19 -0500, Benjamin Marzinski wrote:
> On Sat, Mar 07, 2020 at 12:06:05AM +0100, mwilck at suse.com wrote:
> > From: Martin Wilck <mwilck at suse.com>
> >
> > Make sure that data structures used for PERSISTENT RESERVE IN/OUT
> > fit into 8k buffers.
> >
> > This patch breaks the libmpathpersist ABI.
> >
>
> I'm not super worried about this. I don't really see a way for users
> to
> hurt themselves because of this change, without making some pretty
> odd
> assumptions. Am I missing something?
I found this:
struct prout_param_descriptor {
uint8_t key[8];
uint8_t sa_key[8];
[...]
uint8_t private_buffer[MPATH_MAX_PARAM_LEN - 24];
uint32_t num_transportid;
struct transportid *trnptid_list[];
};
A program written against the old API might assume that the length of
private_buffer was MPATH_MAX_PARAM_LEN, and call e.g.
memset(private_buffer, 0, MPATH_MAX_PARAM_LEN), overwriting
num_transportid.
The same could happen if a program compiled against the new API was
linked against the old. In that case, the overwrite would happen in
format_transportids().
Martin
More information about the dm-devel
mailing list