[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [dm-devel] [PATCH] dm-ioctl.c: Don't overrun ioctl buffer



On Mon, Apr 05, 2004 at 04:01:57PM -0500, Kevin Corry wrote:
> the ioctl buffer before calling the target's status() routine

A quick look at 2.4 (linux-2.4.26-rc1-devmapper-ioctl.patch) suggests:

dm-ioctl.c:805 needs changing so that the target status function is never 
called with a buffer size limit of zero:

-		if (remaining < sizeof(struct dm_target_spec)) {
+		if (remaining <= sizeof(struct dm_target_spec)) {

2 status functions fail to respect maxlen when looping:
  mirror_status() needs to ensure maxlen > sz always
  stripe_status() needs to ensure maxlen > offset always

Alasdair
-- 
agk redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]