LU-12614 ldlm: ldlm_cancel_hpreq_check should check lock count

[fs/lustre-release.git] / lustre / ldlm / ldlm_lockd.c

diff --git a/lustre/ldlm/ldlm_lockd.c b/lustre/ldlm/ldlm_lockd.c
index 65509be..6fcc0a9 100644 (file)
--- a/lustre/ldlm/ldlm_lockd.c
+++ b/lustre/ldlm/ldlm_lockd.c
@@ -2507,6 +2507,7 @@ static int ldlm_cancel_hpreq_check(struct ptlrpc_request *req)
        struct ldlm_request *dlm_req;
        int rc = 0;
        int i;
+       unsigned int size;
 
        ENTRY;
 
@@ -2518,6 +2519,12 @@ static int ldlm_cancel_hpreq_check(struct ptlrpc_request *req)
        if (dlm_req == NULL)
                RETURN(-EFAULT);
 
+       size = req_capsule_get_size(&req->rq_pill, &RMF_DLM_REQ, RCL_CLIENT);
+       if (size <= offsetof(struct ldlm_request, lock_handle) ||
+           (size - offsetof(struct ldlm_request, lock_handle)) /
+            sizeof(struct lustre_handle) < dlm_req->lock_count)
+               RETURN(-EPROTO);
+
        for (i = 0; i < dlm_req->lock_count; i++) {
                struct ldlm_lock *lock;