projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ca973d2)
fs: dlm: check on minimum msglen size
authorAlexander Aring <aahringo@redhat.com>
Mon, 1 Mar 2021 22:05:17 +0000 (17:05 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 19 May 2021 08:12:52 +0000 (10:12 +0200)
[ Upstream commit 710176e8363f269c6ecd73d203973b31ace119d3 ]

This patch adds an additional check for minimum dlm header size which is
an invalid dlm message and signals a broken stream. A msglen field cannot
be less than the dlm header size because the field is inclusive header
lengths.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/dlm/midcomms.c patch | blob | history

diff --git a/fs/dlm/midcomms.c b/fs/dlm/midcomms.c
index fde3a6a..0bedfa8 100644 (file)
--- a/fs/dlm/midcomms.c
+++ b/fs/dlm/midcomms.c
@@ -49,9 +49,10 @@ int dlm_process_incoming_buffer(int nodeid, unsigned char *buf, int len)
                 * cannot deliver this message to upper layers
                 */
                msglen = get_unaligned_le16(&hd->h_length);
-               if (msglen > DEFAULT_BUFFER_SIZE) {
-                       log_print("received invalid length header: %u, will abort message parsing",
-                                 msglen);
+               if (msglen > DEFAULT_BUFFER_SIZE ||
+                   msglen < sizeof(struct dlm_header)) {
+                       log_print("received invalid length header: %u from node %d, will abort message parsing",
+                                 msglen, nodeid);
                        return -EBADMSG;
                }
 
Domain: System / Kernel;