ceph: xattr: fix a possible buffer overrun bug
In ceph_vxattrcb_file_layout(), if an inode has a preferred PG its
value is added to the formatted output buffer. In doing so, the
previously-consumed portion of the buffer is accounted for in
deciding where in the buffer to write, but the number of bytes
remaining in the buffer is not. The result could conceivably
result in a buffer overflow.
The simple fix is to subtract the consumed portion of the buffer
from the size before formatting the PG into the buffer.
#1 Updated by Alex Elder almost 12 years ago
- Status changed from New to 7
This has been fixed in this commit:
260ac0e65b ceph: fix three bugs, two in ceph_vxattrcb_file_layout()
The commit will go into the ceph-client/testing branch, and after
some nightly test coverage will be pushed to the master branch.
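
The pattern described in the report and the fix it proposes, as an added example that is not part of the original tracker entry or the Ceph source. The `layout` struct, its field names, the output keys and the sample values are assumptions, and the canary-filled backing array exists only so the stray write can be counted safely. The fixed variant also clamps the offset when the first `snprintf` truncates, which goes beyond what the report states.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the inode layout; field names are assumptions. */
struct layout { long long stripe_unit, stripe_count, object_size, preferred_pg; };

typedef int (*fmt_fn)(const struct layout *, char *, size_t);

/* Pattern from the report: the write offset advances, the size limit does not. */
static int format_buggy(const struct layout *l, char *val, size_t size)
{
    int ret = snprintf(val, size, "stripe_unit=%lld\nstripe_count=%lld\nobject_size=%lld\n",
                       l->stripe_unit, l->stripe_count, l->object_size);
    if (l->preferred_pg >= 0)
        ret += snprintf(val + ret, size, "preferred_pg=%lld\n", l->preferred_pg);
    return ret;
}

/* Fix: subtract the consumed bytes from size before formatting the PG.
 * The clamp keeps the offset inside the buffer if the first call truncated. */
static int format_fixed(const struct layout *l, char *val, size_t size)
{
    int ret = snprintf(val, size, "stripe_unit=%lld\nstripe_count=%lld\nobject_size=%lld\n",
                       l->stripe_unit, l->stripe_count, l->object_size);
    size_t used = (size_t)ret < size ? (size_t)ret : size;
    if (l->preferred_pg >= 0)
        ret += snprintf(val + used, size - used, "preferred_pg=%lld\n", l->preferred_pg);
    return ret;
}

/* Call fn with a claimed buffer size inside a larger canary-filled array
 * and count the bytes it modified past the claimed size. */
static size_t overrun_bytes(fmt_fn fn, size_t size)
{
    static const struct layout sample = { 4194304, 1, 4194304, 7 }; /* constructed */
    unsigned char backing[256];
    size_t i, dirty = 0;

    memset(backing, 0xAA, sizeof(backing));
    fn(&sample, (char *)backing, size);
    for (i = size; i < sizeof(backing); i++)
        dirty += backing[i] != 0xAA;
    return dirty;
}

int main(void)
{
    printf("buggy: %zu bytes past end\n", overrun_bytes(format_buggy, 60));
    printf("fixed: %zu bytes past end\n", overrun_bytes(format_fixed, 60));
    return 0;
}
```

With a claimed size of 60 the first 55 bytes are consumed by the layout fields, so the buggy call still believes it has 60 bytes available starting at offset 55.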