aboutsummaryrefslogtreecommitdiffstats
path: root/fs/dlm/rcom.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/dlm/rcom.c')
-rw-r--r--fs/dlm/rcom.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/fs/dlm/rcom.c b/fs/dlm/rcom.c
index a312f1d97f8b..ef9d0f918492 100644
--- a/fs/dlm/rcom.c
+++ b/fs/dlm/rcom.c
@@ -357,6 +357,7 @@ int dlm_send_rcom_lock(struct dlm_rsb *r, struct dlm_lkb *lkb)
357 return error; 357 return error;
358} 358}
359 359
360/* needs at least dlm_rcom + rcom_lock */
360static void receive_rcom_lock(struct dlm_ls *ls, struct dlm_rcom *rc_in) 361static void receive_rcom_lock(struct dlm_ls *ls, struct dlm_rcom *rc_in)
361{ 362{
362 struct dlm_rcom *rc; 363 struct dlm_rcom *rc;
@@ -448,6 +449,8 @@ static int is_old_reply(struct dlm_ls *ls, struct dlm_rcom *rc)
448 449
449void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid) 450void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid)
450{ 451{
452 int lock_size = sizeof(struct dlm_rcom) + sizeof(struct rcom_lock);
453
451 if (dlm_recovery_stopped(ls) && (rc->rc_type != DLM_RCOM_STATUS)) { 454 if (dlm_recovery_stopped(ls) && (rc->rc_type != DLM_RCOM_STATUS)) {
452 log_debug(ls, "ignoring recovery message %x from %d", 455 log_debug(ls, "ignoring recovery message %x from %d",
453 rc->rc_type, nodeid); 456 rc->rc_type, nodeid);
@@ -471,6 +474,8 @@ void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid)
471 break; 474 break;
472 475
473 case DLM_RCOM_LOCK: 476 case DLM_RCOM_LOCK:
477 if (rc->rc_header.h_length < lock_size)
478 goto Eshort;
474 receive_rcom_lock(ls, rc); 479 receive_rcom_lock(ls, rc);
475 break; 480 break;
476 481
@@ -487,13 +492,18 @@ void dlm_receive_rcom(struct dlm_ls *ls, struct dlm_rcom *rc, int nodeid)
487 break; 492 break;
488 493
489 case DLM_RCOM_LOCK_REPLY: 494 case DLM_RCOM_LOCK_REPLY:
495 if (rc->rc_header.h_length < lock_size)
496 goto Eshort;
490 dlm_recover_process_copy(ls, rc); 497 dlm_recover_process_copy(ls, rc);
491 break; 498 break;
492 499
493 default: 500 default:
494 log_error(ls, "receive_rcom bad type %d", rc->rc_type); 501 log_error(ls, "receive_rcom bad type %d", rc->rc_type);
495 } 502 }
496 out: 503out:
497 return; 504 return;
505Eshort:
506 log_error(ls, "recovery message %x from %d is too short",
507 rc->rc_type, nodeid);
498} 508}
499 509