[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [dm-devel] [PATCH] dm-ioctl.c: Don't overrun ioctl buffer

From: Alasdair G Kergon <agk redhat com>
To: device-mapper development <dm-devel redhat com>
Subject: Re: [dm-devel] [PATCH] dm-ioctl.c: Don't overrun ioctl buffer
Date: Wed, 7 Apr 2004 06:31:42 -0500

On Mon, Apr 05, 2004 at 04:01:57PM -0500, Kevin Corry wrote:
> the ioctl buffer before calling the target's status() routine

A quick look at 2.4 (linux-2.4.26-rc1-devmapper-ioctl.patch) suggests:

dm-ioctl.c:805 needs changing so that the target status function is never 
called with a buffer size limit of zero:

-		if (remaining < sizeof(struct dm_target_spec)) {
+		if (remaining <= sizeof(struct dm_target_spec)) {

2 status functions fail to respect maxlen when looping:
  mirror_status() needs to ensure maxlen > sz always
  stripe_status() needs to ensure maxlen > offset always

Alasdair
-- 
agk redhat com

Follow-Ups:
- Re: [dm-devel] [PATCH] dm-ioctl.c: Don't overrun ioctl buffer
  - From: thornber

References:
- [dm-devel] [PATCH] dm-ioctl.c: Don't overrun ioctl buffer
  - From: Kevin Corry

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]