[01/16] libceph: fix off-by-one bug in ceph_encode_filepath()
diff mbox

Message ID 4FFD8701.6020203@inktank.com
State New, archived
Headers show

Commit Message

Alex Elder July 11, 2012, 2 p.m. UTC
There is a BUG_ON() call that doesn't account for the single byte
structure version at the start of an encoded filepath in
ceph_encode_filepath().  Fix that.

Signed-off-by: Alex Elder <elder@inktank.com>
---
 include/linux/ceph/decode.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

 	ceph_encode_32(p, len);

Comments

Yehuda Sadeh July 11, 2012, 4:59 p.m. UTC | #1
Reviewed-by: Yehuda Sadeh <yehuda@inktank.com>

On Wed, Jul 11, 2012 at 7:00 AM, Alex Elder <elder@inktank.com> wrote:
> There is a BUG_ON() call that doesn't account for the single byte
> structure version at the start of an encoded filepath in
> ceph_encode_filepath().  Fix that.
>
> Signed-off-by: Alex Elder <elder@inktank.com>
> ---
>  include/linux/ceph/decode.h |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/include/linux/ceph/decode.h b/include/linux/ceph/decode.h
> index d8615de..bcbd66c 100644
> --- a/include/linux/ceph/decode.h
> +++ b/include/linux/ceph/decode.h
> @@ -151,7 +151,7 @@ static inline void ceph_encode_filepath(void **p,
> void *end,
>                                         u64 ino, const char *path)
>  {
>         u32 len = path ? strlen(path) : 0;
> -       BUG_ON(*p + sizeof(ino) + sizeof(len) + len > end);
> +       BUG_ON(*p + 1 + sizeof(ino) + sizeof(len) + len > end);
>         ceph_encode_8(p, 1);
>         ceph_encode_64(p, ino);
>         ceph_encode_32(p, len);
> --
> 1.7.5.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Josh Durgin July 11, 2012, 6:35 p.m. UTC | #2
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>

On 07/11/2012 07:00 AM, Alex Elder wrote:
> There is a BUG_ON() call that doesn't account for the single byte
> structure version at the start of an encoded filepath in
> ceph_encode_filepath().  Fix that.
>
> Signed-off-by: Alex Elder<elder@inktank.com>
> ---
>   include/linux/ceph/decode.h |    2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/include/linux/ceph/decode.h b/include/linux/ceph/decode.h
> index d8615de..bcbd66c 100644
> --- a/include/linux/ceph/decode.h
> +++ b/include/linux/ceph/decode.h
> @@ -151,7 +151,7 @@ static inline void ceph_encode_filepath(void **p,
> void *end,
>   					u64 ino, const char *path)
>   {
>   	u32 len = path ? strlen(path) : 0;
> -	BUG_ON(*p + sizeof(ino) + sizeof(len) + len>  end);
> +	BUG_ON(*p + 1 + sizeof(ino) + sizeof(len) + len>  end);
>   	ceph_encode_8(p, 1);
>   	ceph_encode_64(p, ino);
>   	ceph_encode_32(p, len);

--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch
diff mbox

diff --git a/include/linux/ceph/decode.h b/include/linux/ceph/decode.h
index d8615de..bcbd66c 100644
--- a/include/linux/ceph/decode.h
+++ b/include/linux/ceph/decode.h
@@ -151,7 +151,7 @@  static inline void ceph_encode_filepath(void **p,
void *end,
 					u64 ino, const char *path)
 {
 	u32 len = path ? strlen(path) : 0;
-	BUG_ON(*p + sizeof(ino) + sizeof(len) + len > end);
+	BUG_ON(*p + 1 + sizeof(ino) + sizeof(len) + len > end);
 	ceph_encode_8(p, 1);
 	ceph_encode_64(p, ino);