From 1de7a72cd437c93c537377023d5243d43589394a Mon Sep 17 00:00:00 2001
From: Sebastien Buisson <sbuisson@ddn.com>
Date: Fri, 26 Apr 2024 16:49:17 +0200
Subject: [PATCH] LU-17431 nodemap: sanity check ioctl user buffer

In server_iocontrol_nodemap(), user data is copied into a struct
lustre_cfg. Then this data must be sanity checked, by calling
lustre_cfg_sanity_check().

CoverityID: 425252 ("Passing tainted expression lcfg->lcfg_buflens to lustre_cfg_string")
CoverityID: 397130 ("Passing tainted expression lcfg->lcfg_buflens")
Fixes: 72734cf178 ("LU-17431 ptlrpc: move nodemap related ioctls to ptlrpc")

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I268b53fc0e977716ffd1985d145dc27b6acccf94
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/54928
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Arshad Hussain <arshad.hussain@aeoncomputing.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/ptlrpc/nodemap_handler.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lustre/ptlrpc/nodemap_handler.c b/lustre/ptlrpc/nodemap_handler.c
index f2cf2de..feaf1aa 100644
--- a/lustre/ptlrpc/nodemap_handler.c
+++ b/lustre/ptlrpc/nodemap_handler.c
@@ -2256,6 +2256,8 @@ int server_iocontrol_nodemap(struct obd_device *obd,
 
 	if (copy_from_user(lcfg, data->ioc_pbuf1, data->ioc_plen1))
 		GOTO(out_lcfg, rc = -EFAULT);
+	if (lustre_cfg_sanity_check(lcfg, data->ioc_plen1))
+		GOTO(out_lcfg, rc = -EINVAL);
 
 	cmd = lcfg->lcfg_command;
 
-- 
1.8.3.1