LU-9859 libcfs: double copy bug
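--- a/libcfs/libcfs/linux/linux-module.c
+++ b/libcfs/libcfs/linux/linux-module.c
@@ -109,7 +109,7 @@ int libcfs_ioctl_getdata(struct libcfs_ioctl_hdr **hdr_pp,
 			 struct libcfs_ioctl_hdr __user *uhdr)
 {
 	struct libcfs_ioctl_hdr hdr;
-	int err = 0;
+	int err;
 	ENTRY;
 	if (copy_from_user(&hdr, uhdr, sizeof(hdr)))
@@ -138,10 +138,16 @@ int libcfs_ioctl_getdata(struct libcfs_ioctl_hdr **hdr_pp,
 		RETURN(-ENOMEM);
 	if (copy_from_user(*hdr_pp, uhdr, hdr.ioc_len))
-		GOTO(failed, err = -EFAULT);
+		GOTO(free, err = -EFAULT);
+
+	if ((*hdr_pp)->ioc_version != hdr.ioc_version ||
+	    (*hdr_pp)->ioc_len != hdr.ioc_len) {
+		GOTO(free, err = -EINVAL);
+	}
 	RETURN(0);
-failed:
+
+free:
 	LIBCFS_FREE(*hdr_pp, hdr.ioc_len);
 	RETURN(err);
 }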
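Review bot: Both `GOTO(free, ...)` exits release the buffer with `LIBCFS_FREE(*hdr_pp, hdr.ioc_len)` but, unless that macro clears its argument, leave `*hdr_pp` pointing at the freed allocation, and the new `-EINVAL` path adds a second way to reach that state. The callers are not visible on this page, so this may be harmless today, but `*hdr_pp = NULL;` right after the free would keep a caller that touches or frees the pointer on error from turning a rejected ioctl into a use-after-free or double free. The re-check also needs a comment, because it looks redundant to anyone who has not noticed the earlier `copy_from_user(&hdr, uhdr, sizeof(hdr))`: `/* uhdr is user memory and can change between the two copy_from_user() calls; re-check the header fields validated from the first copy */`. The validation that sits between the two hunks is outside the diff, so whether `ioc_version` and `ioc_len` are the only fields it relies on cannot be confirmed from here.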