[PATCH] Device-Mapper 8/9

From: Kevin Corry
Date: Mon Apr 12 2004 - 09:29:41 EST

Next message: Kevin Corry: "[PATCH] Device-Mapper 7/9"
Previous message: Kevin Corry: "[PATCH] Device-Mapper 5/9"
In reply to: Kevin Corry: "[PATCH] Device-Mapper 5/9"
Next in thread: Kevin Corry: "[PATCH] Device-Mapper 7/9"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

dm-ioctl.c::retrieve_status(): Prevent overrunning the ioctl buffer by making
sure we don't call the target status routine with a buffer size limit of zero.
[Kevin Corry, Alasdair Kergon]

--- diff/drivers/md/dm-ioctl.c 2004-04-09 09:42:29.000000000 -0500
+++ source/drivers/md/dm-ioctl.c 2004-04-09 09:42:44.000000000 -0500
@@ -800,7 +800,7 @@
struct dm_target *ti = dm_table_get_target(table, i);

remaining = len - (outptr - outbuf);
- if (remaining < sizeof(struct dm_target_spec)) {
+ if (remaining <= sizeof(struct dm_target_spec)) {
param->flags |= DM_BUFFER_FULL_FLAG;
break;
}
@@ -815,6 +815,10 @@

outptr += sizeof(struct dm_target_spec);
remaining = len - (outptr - outbuf);
+ if (remaining <= 0) {
+ param->flags |= DM_BUFFER_FULL_FLAG;
+ break;
+ }

/* Get the status/table string from the target driver */
if (ti->type->status) {
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kevin Corry: "[PATCH] Device-Mapper 7/9"
Previous message: Kevin Corry: "[PATCH] Device-Mapper 5/9"
In reply to: Kevin Corry: "[PATCH] Device-Mapper 5/9"
Next in thread: Kevin Corry: "[PATCH] Device-Mapper 7/9"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]