From cd41f5b0d3e958b2b379638ba284b8c7957ed7c4 Mon Sep 17 00:00:00 2001
From: Andriy Skulysh <andriy.skulysh@hpe.com>
Date: Wed, 24 Jul 2024 20:14:06 +0300
Subject: [PATCH] LU-18112 mdt: check for fid from a client to match format

Access to /mnt/lustre/.lustre/fid/0x200000 passes sane checks

Change-Id: I748e519b56cce6809285bbe178e89f5872a46188
HPE-bug-id: LUS-12448
Signed-off-by: Andriy Skulysh <andriy.skulysh@hpe.com>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55947
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Alexander Zarochentsev <alexander.zarochentsev@hpe.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/mdd/mdd_device.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lustre/mdd/mdd_device.c b/lustre/mdd/mdd_device.c
index 9068a17..9e9434d 100644
--- a/lustre/mdd/mdd_device.c
+++ b/lustre/mdd/mdd_device.c
@@ -864,7 +864,9 @@ static int obf_lookup(const struct lu_env *env, struct md_object *p,
 	while (*name == '[')
 		name++;
 
-	sscanf(name, SFID, RFID(f));
+        if (sscanf(name, SFID, RFID(f)) != 3)
+		GOTO(out, rc = -ENOENT);
+
 	if (!fid_is_sane(f))
 		GOTO(out, rc = -ENOENT);
 
-- 
1.8.3.1