review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Jan Harkes <jaharkes@cs.cmu.edu>
	Tue, 16 Jul 2019 23:28:16 +0000 (16:28 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Wed, 17 Jul 2019 02:23:23 +0000 (19:23 -0700)
commit	6e51f8aa76b67d0a6eb168fd41a81e8478ae07a9
tree	4eaac753b2f94feeb721880e0c5445f071aa384e	tree \| snapshot
parent	02551c23bcd85f0c68a8259c7b953d49d44f86af	commit \| diff

coda: potential buffer overflow in coda_psdev_write()

Add checks to make sure the downcall message we got from the Coda cache
manager is large enough to contain the data it is supposed to have.
i.e. when we get a CODA_ZAPDIR we can access &out->coda_zapdir.CodaFid.

Link: http://lkml.kernel.org/r/894fb6b250add09e4e3935f14649f21284a5cb18.1558117389.git.jaharkes@cs.cmu.edu
Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Colin Ian King <colin.king@canonical.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Fabian Frederick <fabf@skynet.be>
Cc: Mikko Rapeli <mikko.rapeli@iki.fi>
Cc: Sam Protsenko <semen.protsenko@linaro.org>
Cc: Yann Droneaud <ydroneaud@opteya.com>
Cc: Zhouyang Jia <jiazhouyang09@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

fs/coda/psdev.c		diff \| blob \| history
fs/coda/upcall.c		diff \| blob \| history
include/linux/coda_psdev.h		diff \| blob \| history