[dm-devel] [PATCH] dm-ioctl.c: Don't overrun ioctl buffer
Alasdair G Kergon
agk at redhat.com
Wed Apr 7 11:31:42 UTC 2004
On Mon, Apr 05, 2004 at 04:01:57PM -0500, Kevin Corry wrote:
> the ioctl buffer before calling the target's status() routine
A quick look at 2.4 (linux-2.4.26-rc1-devmapper-ioctl.patch) suggests:
dm-ioctl.c:805 needs changing so that the target status function is never
called with a buffer size limit of zero:
- if (remaining < sizeof(struct dm_target_spec)) {
+ if (remaining <= sizeof(struct dm_target_spec)) {
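Review bot: the switch from `<` to `<=` in this check deserves a comment beside it, because the off-by-one is easy to revert by accident. When `remaining` equals `sizeof(struct dm_target_spec)` exactly, the old test passed and left zero bytes for the status text. A short comment stating that the target's status routine must always be given at least one byte would record that. Note also that `<=` guarantees only a single byte, so each status routine still has to bound its own writes.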
2 status functions fail to respect maxlen when looping:
mirror_status() needs to ensure maxlen > sz always
stripe_status() needs to ensure maxlen > offset always
Alasdair
--
agk at redhat.com
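The message's second point, a status loop whose running offset must stay below maxlen, is illustrated by this added example. It is not code from the message or from device-mapper: `emit()`, `status_loop()` and the "name A " output format are hypothetical. With an unsigned size, `maxlen - sz` wraps to a huge value once `sz` passes `maxlen`, so the helper clamps the offset and the loop stops at the first truncation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a device-mapper function): append formatted text
 * at offset *sz of a maxlen-byte buffer. Returns 0 if it fit, -1 if there was
 * no room or the text was truncated. *sz is kept < maxlen when maxlen > 0. */
static int emit(char *buf, size_t maxlen, size_t *sz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (maxlen == 0 || *sz >= maxlen - 1)   /* zero-size or already full */
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *sz, maxlen - *sz, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    if ((size_t)n >= maxlen - *sz) {        /* vsnprintf reports the untruncated length */
        *sz = maxlen - 1;                   /* clamp to the terminating NUL */
        return -1;
    }
    *sz += (size_t)n;
    return 0;
}

/* Constructed stand-in for a per-device status loop; the output format is
 * made up for this demonstration. Returns the number of bytes written. */
static size_t status_loop(char *buf, size_t maxlen, const char *const *devs, size_t ndevs)
{
    size_t sz = 0, i;

    if (maxlen > 0)
        buf[0] = '\0';
    for (i = 0; i < ndevs; i++)
        if (emit(buf, maxlen, &sz, "%s A ", devs[i]) < 0)
            break;                          /* stop looping once out of room */
    return sz;
}

int main(void)
{
    const char *const devs[] = { "8:0", "8:16", "8:32" };   /* constructed input */
    char buf[8];
    size_t sz = status_loop(buf, sizeof(buf), devs, 3);
    printf("%zu bytes: \"%s\"\n", sz, buf);
    return 0;
}
```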