LU-17431 nodemap: sanity check ioctl user buffer

In server_iocontrol_nodemap(), user data is copied into a struct
lustre_cfg. Then this data must be sanity checked, by calling
lustre_cfg_sanity_check().

CoverityID: 425252 ("Passing tainted expression lcfg->lcfg_buflens to lustre_cfg_string")
CoverityID: 397130 ("Passing tainted expression lcfg->lcfg_buflens")
Fixes: 72734cf178 ("LU-17431 ptlrpc: move nodemap related ioctls to ptlrpc")

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I268b53fc0e977716ffd1985d145dc27b6acccf94
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/54928
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Arshad Hussain <arshad.hussain@aeoncomputing.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/ptlrpc/nodemap_handler.c b/lustre/ptlrpc/nodemap_handler.c
index f2cf2de..feaf1aa 100644 (file)
--- a/lustre/ptlrpc/nodemap_handler.c
+++ b/lustre/ptlrpc/nodemap_handler.c
@@ -2256,6 +2256,8 @@ int server_iocontrol_nodemap(struct obd_device *obd,
 
        if (copy_from_user(lcfg, data->ioc_pbuf1, data->ioc_plen1))
                GOTO(out_lcfg, rc = -EFAULT);
+       if (lustre_cfg_sanity_check(lcfg, data->ioc_plen1))
+               GOTO(out_lcfg, rc = -EINVAL);
 
        cmd = lcfg->lcfg_command;