| Message ID | 20090107131516.GT5098@agk.fab.redhat.com (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Delegated to: | Alasdair Kergon |
| Headers | show |
On Wed, Jan 07, 2009 at 01:15:16PM +0000, Alasdair G Kergon wrote: > From: Milan Broz <mbroz@redhat.com> > When renaming a mapped device validate the length of the new name. Reviewed-by: Alasdair G Kergon <agk@redhat.com> Alasdair
On Wed, Jan 07, 2009 at 01:15:16PM +0000, Alasdair G Kergon wrote: > From: Milan Broz <mbroz@redhat.com> > When renaming a mapped device validate the length of the new name. Acked-by: Alasdair G Kergon <agk@redhat.com> Alasdair
On Wed, Jan 07, 2009 at 01:15:16PM +0000, Alasdair G Kergon wrote: > From: Milan Broz <mbroz@redhat.com> > When renaming a mapped device validate the length of the new name. Tested-by: Alasdair G Kergon <agk@redhat.com> Well I haven't actually tested this patch, but I'm testing patchwork... Alasdair
Reviewed-by: Jonathan Brassow <jbrassow@redhat.com> brassow On Jan 7, 2009, at 7:15 AM, Alasdair G Kergon wrote: > From: Milan Broz <mbroz@redhat.com> > > When renaming a mapped device validate the length of the new name. > > The rename ioctl accepted any correctly-terminated string enclosed > within the data passed from userspace. The other ioctls enforce a > size limit of DM_NAME_LEN. If the name is changed and becomes longer > than that, the device can no longer be addressed by name. > > Fix it by properly checking for device name length (including > terminating zero). > > Cc: stable@kernel.org > Signed-off-by: Milan Broz <mbroz@redhat.com> > Signed-off-by: Alasdair G Kergon <agk@redhat.com> > --- > drivers/md/dm-ioctl.c | 3 ++- > 1 files changed, 2 insertions(+), 1 deletion(-) > > Index: linux-2.6.28/drivers/md/dm-ioctl.c > =================================================================== > --- linux-2.6.28.orig/drivers/md/dm-ioctl.c 2009-01-06 > 15:06:06.000000000 +0000 > +++ linux-2.6.28/drivers/md/dm-ioctl.c 2009-01-06 15:07:04.000000000 > +0000 > @@ -704,7 +704,8 @@ static int dev_rename(struct dm_ioctl *p > char *new_name = (char *) param + param->data_start; > > if (new_name < param->data || > - invalid_str(new_name, (void *) param + param_size)) { > + invalid_str(new_name, (void *) param + param_size) || > + strlen(new_name) > DM_NAME_LEN - 1) { > DMWARN("Invalid new logical volume name supplied."); > return -EINVAL; > } > > -- > dm-devel mailing list > dm-devel@redhat.com > https://www.redhat.com/mailman/listinfo/dm-devel -- dm-devel mailing list dm-devel@redhat.com https://www.redhat.com/mailman/listinfo/dm-devel
Index: linux-2.6.28/drivers/md/dm-ioctl.c =================================================================== --- linux-2.6.28.orig/drivers/md/dm-ioctl.c 2009-01-06 15:06:06.000000000 +0000 +++ linux-2.6.28/drivers/md/dm-ioctl.c 2009-01-06 15:07:04.000000000 +0000 @@ -704,7 +704,8 @@ static int dev_rename(struct dm_ioctl *p char *new_name = (char *) param + param->data_start; if (new_name < param->data || - invalid_str(new_name, (void *) param + param_size)) { + invalid_str(new_name, (void *) param + param_size) || + strlen(new_name) > DM_NAME_LEN - 1) { DMWARN("Invalid new logical volume name supplied."); return -EINVAL; }