Check client data size (negtive or excessively large) in case of
memcpy corruption.
Change-Id: Ided26dea0e2bbb79e607c626810834ca947497d4
Reported-by: Alibaba Cloud <yunye.ry@alibaba-inc.com>
Signed-off-by: Emoly Liu <emoly@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/35711
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
size = req_capsule_get_size(&req->rq_pill, &RMF_CONNECT_DATA,
RCL_CLIENT);
size = req_capsule_get_size(&req->rq_pill, &RMF_CONNECT_DATA,
RCL_CLIENT);
+ if (size < 0 || size > 8 * sizeof(struct obd_connect_data))
+ GOTO(out, rc = -EPROTO);
data = req_capsule_client_get(&req->rq_pill, &RMF_CONNECT_DATA);
if (!data)
GOTO(out, rc = -EPROTO);
data = req_capsule_client_get(&req->rq_pill, &RMF_CONNECT_DATA);
if (!data)
GOTO(out, rc = -EPROTO);