From: Ilya Dryomov Date: Thu, 13 Mar 2014 14:36:14 +0000 (+0200) Subject: libceph: check length of osdmap osd arrays X-Git-Tag: firefly_0821_release~176^2~3948^2~38 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=2d88b2e0819e0401ebb195e9fa20fab4be1965c8;p=firefly-linux-kernel-4.4.55.git libceph: check length of osdmap osd arrays Check length of osd_state, osd_weight and osd_addr arrays. They should all have exactly max_osd elements after the call to osdmap_set_max_osd(). Signed-off-by: Ilya Dryomov Reviewed-by: Alex Elder --- diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c index ec06010657b3..c39ac624ccc3 100644 --- a/net/ceph/osdmap.c +++ b/net/ceph/osdmap.c @@ -745,19 +745,25 @@ static int osdmap_decode(void **p, void *end, struct ceph_osdmap *map) if (err) goto bad; - /* osds */ + /* osd_state, osd_weight, osd_addrs->client_addr */ ceph_decode_need(p, end, 3*sizeof(u32) + map->max_osd*(1 + sizeof(*map->osd_weight) + sizeof(*map->osd_addr)), e_inval); - *p += 4; /* skip length field (should match max) */ + if (ceph_decode_32(p) != map->max_osd) + goto e_inval; + ceph_decode_copy(p, map->osd_state, map->max_osd); - *p += 4; /* skip length field (should match max) */ + if (ceph_decode_32(p) != map->max_osd) + goto e_inval; + for (i = 0; i < map->max_osd; i++) map->osd_weight[i] = ceph_decode_32(p); - *p += 4; /* skip length field (should match max) */ + if (ceph_decode_32(p) != map->max_osd) + goto e_inval; + ceph_decode_copy(p, map->osd_addr, map->max_osd*sizeof(*map->osd_addr)); for (i = 0; i < map->max_osd; i++) ceph_decode_addr(&map->osd_addr[i]);