Bug #2156

closed

ceph: xattr: fix a possible buffer overrun bug

Added by Alex Elder about 12 years ago. Updated about 12 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version: -
% Done: 0%
Source: Development

Description

In ceph_vxattrcb_file_layout(), if an inode has a preferred PG its
value is added to the formatted output buffer. In doing so, the
previously-consumed portion of the buffer is accounted for in
deciding where in the buffer to write, but the number of bytes
remaining in the buffer is not. The result could conceivably
result in a buffer overflow.

The simple fix is to subtract the consumed portion of the buffer
from the size before formatting the PG into the buffer.
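
The pattern described above, as an added userspace model (not the kernel code and not the commit referenced on this page): the buggy form advances the write position but keeps the full size as the limit, while the fixed form subtracts the consumed bytes and stops if the first write was already truncated. The function names, format strings and sample values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BACKING 64    /* real allocation; larger than the logical size so the demo stays in bounds */
#define CANARY  0x5A  /* fill byte used to detect writes past the logical end */

/* Buggy pattern: write position advances by ret, but the limit stays at size. */
static int format_buggy(char *buf, size_t size, unsigned layout, int pg)
{
    int ret = snprintf(buf, size, "layout=%u\n", layout);
    if (pg >= 0)
        ret += snprintf(buf + ret, size, "preferred_pg=%d\n", pg);
    return ret;
}

/* Fixed pattern: the limit shrinks by what was consumed; truncation stops further writes. */
static int format_fixed(char *buf, size_t size, unsigned layout, int pg)
{
    int ret = snprintf(buf, size, "layout=%u\n", layout);
    if (ret < 0 || (size_t)ret >= size)
        return ret;   /* error or truncated: no room left, and size - ret would wrap */
    if (pg >= 0)
        ret += snprintf(buf + ret, size - (size_t)ret, "preferred_pg=%d\n", pg);
    return ret;       /* like snprintf, this is the length the full output would need */
}

/* Counts bytes modified beyond the caller's logical buffer size (constructed inputs). */
static int bytes_past_end(int (*fmt)(char *, size_t, unsigned, int), size_t size)
{
    char backing[BACKING];
    int n = 0;

    memset(backing, CANARY, sizeof(backing));
    fmt(backing, size, 4194304u, 123456);
    for (size_t i = size; i < sizeof(backing); i++)
        if (backing[i] != CANARY)
            n++;
    return n;
}

int main(void)
{
    printf("buggy, size 20: %d bytes past end\n", bytes_past_end(format_buggy, 20));
    printf("fixed, size 20: %d bytes past end\n", bytes_past_end(format_fixed, 20));
    return 0;
}
```

The overrun only appears when the caller's buffer is tight: with a logical size of 40 the buggy form stays in bounds, which is why this class of bug can survive ordinary testing.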

Actions #1

Updated by Alex Elder about 12 years ago

  • Status changed from New to 7

This has been fixed in this commit:
260ac0e65b ceph: fix three bugs, two in ceph_vxattrcb_file_layout()

The commit will go into the ceph-client/testing branch, and after
some nightly test coverage will be pushed to the master branch.

Actions #2

Updated by Alex Elder about 12 years ago

This got rebased: 3489b42a72a41d477665ab37f196ae9257180abb

This has been sent as part of a pull request to Linus for
Linux 3.4. Will close this for good when I see it's been
accepted into mainline.

Actions #3

Updated by Alex Elder about 12 years ago

  • Status changed from 7 to Resolved

Linus pulled in the changes without any immediate trouble, so
I'm marking this and a few others resolved.
