From patchwork Wed Jan 7 13:15:16 2009 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alasdair G Kergon X-Patchwork-Id: 1162 X-Patchwork-Delegate: agk@redhat.com Received: from hormel.redhat.com (hormel1.redhat.com [209.132.177.33]) by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n07DBjSY008121 for ; Wed, 7 Jan 2009 05:11:45 -0800 Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com [10.8.4.110]) by hormel.redhat.com (Postfix) with ESMTP id 9ABDC61985A; Wed, 7 Jan 2009 08:15:19 -0500 (EST) Received: from int-mx2.corp.redhat.com (nat-pool.util.phx.redhat.com [10.8.5.200]) by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id n07DFH0o005909 for ; Wed, 7 Jan 2009 08:15:17 -0500 Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199]) by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n07DFHjO009811 for ; Wed, 7 Jan 2009 08:15:18 -0500 Received: from agk.fab.redhat.com (agk.fab.redhat.com [10.33.0.19]) by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n07DFHxb003193 for ; Wed, 7 Jan 2009 08:15:17 -0500 Received: from agk by agk.fab.redhat.com with local (Exim 4.34) id 1LKYFg-0006ig-6S for dm-devel@redhat.com; Wed, 07 Jan 2009 13:15:16 +0000 Date: Wed, 7 Jan 2009 13:15:16 +0000 From: Alasdair G Kergon To: dm-devel@redhat.com Message-ID: <20090107131516.GT5098@agk.fab.redhat.com> Mail-Followup-To: dm-devel@redhat.com Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.4.1i Organization: Red Hat UK Ltd. Registered in England and Wales, number 03798903. Registered Office: Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE. X-Scanned-By: MIMEDefang 2.58 on 172.16.27.26 X-loop: dm-devel@redhat.com Subject: [dm-devel] [2.6.29 PATCH] dm ioctl: validate name length when renaming X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.5 Precedence: junk Reply-To: device-mapper development List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com From: Milan Broz When renaming a mapped device validate the length of the new name. The rename ioctl accepted any correctly-terminated string enclosed within the data passed from userspace. The other ioctls enforce a size limit of DM_NAME_LEN. If the name is changed and becomes longer than that, the device can no longer be addressed by name. Fix it by properly checking for device name length (including terminating zero). Cc: stable@kernel.org Signed-off-by: Milan Broz Signed-off-by: Alasdair G Kergon Reviewed-by: Alasdair G Kergon Acked-by: Alasdair G Kergon Tested-by: Alasdair G Kergon Reviewed-by: Jonathan Brassow --- drivers/md/dm-ioctl.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletion(-) -- dm-devel mailing list dm-devel@redhat.com https://www.redhat.com/mailman/listinfo/dm-devel Index: linux-2.6.28/drivers/md/dm-ioctl.c =================================================================== --- linux-2.6.28.orig/drivers/md/dm-ioctl.c 2009-01-06 15:06:06.000000000 +0000 +++ linux-2.6.28/drivers/md/dm-ioctl.c 2009-01-06 15:07:04.000000000 +0000 @@ -704,7 +704,8 @@ static int dev_rename(struct dm_ioctl *p char *new_name = (char *) param + param->data_start; if (new_name < param->data || - invalid_str(new_name, (void *) param + param_size)) { + invalid_str(new_name, (void *) param + param_size) || + strlen(new_name) > DM_NAME_LEN - 1) { DMWARN("Invalid new logical volume name supplied."); return -EINVAL; }