author | Al Viro <viro@zeniv.linux.org.uk> | 2008-01-25 23:22:26 -0500 |
---|---|---|
committer | David Teigland <teigland@redhat.com> | 2008-02-04 02:26:31 -0500 |
commit | ef58bccab7c7ef34451aa4ceea39545ef126b666 (patch) | |
tree | 56cdbdeba5db2cdca3e3f96a7124a4f83c56e791 | |
parent | a5dd06313dbcec3a2c8a5e4a6f3ddb2a8fc72ec9 (diff) |
dlm: make find_rsb() fail gracefully when namelen is too large
We *can* get there from receive_request() and dlm_recover_master_copy()
with namelen too large if incoming request is invalid; BUG() from
DLM_ASSERT() in allocate_rsb() is a bit excessive reaction to that
and in case of dlm_recover_master_copy() we would actually oops before
that while calculating hash of up to 64Kb worth of data - with data
actually being 64 _bytes_ in kmalloc()'ed struct.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Teigland <teigland@redhat.com>
-rw-r--r-- | fs/dlm/lock.c | 6 |
1 files changed, 5 insertions, 1 deletions
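--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -436,11 +436,15 @@ static int find_rsb(struct dlm_ls *ls, char *name, int namelen,
 {
 struct dlm_rsb *r, *tmp;
 uint32_t hash, bucket;
-int error = 0;
+int error = -EINVAL;
+
+if (namelen > DLM_RESNAME_MAXLEN)
+goto out;
 
 if (dlm_no_directory(ls))
 flags |= R_CREATE;
 
+error = 0;
 hash = jhash(name, namelen, 0);
 bucket = hash & (ls->ls_rsbtbl_size - 1);
 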
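Review bot: The new guard `if (namelen > DLM_RESNAME_MAXLEN)` bounds namelen only from above, and namelen is a signed `int` that the commit message says can come from an invalid incoming request, so a negative value would still reach `jhash(name, namelen, 0)` a few lines below. If the callers cannot rule that out, the check should read `if (namelen < 0 || namelen > DLM_RESNAME_MAXLEN)`. The early `goto out` also runs before `r` is assigned, and `r` is declared without an initializer; the `out` label is outside this hunk, so if that path reads or returns `r`, declaring it as `struct dlm_rsb *r = NULL, *tmp;` would keep the failure path well defined. The body of find_rsb() continues past the end of the hunk.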