Bug #2156

closed

ceph: xattr: fix a possible buffer overrun bug

Added by Alex Elder about 12 years ago. Updated about 12 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: -
Target version: -
% Done: 0%
Source: Development

Description

In ceph_vxattrcb_file_layout(), if an inode has a preferred PG its
value is added to the formatted output buffer. In doing so, the
previously-consumed portion of the buffer is accounted for in
deciding where in the buffer to write, but the number of bytes
remaining in the buffer is not. The result could conceivably
result in a buffer overflow.

The simple fix is to subtract the consumed portion of the buffer
from the size before formatting the PG into the buffer.
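
The pattern described above, as an added illustration that is not the ceph kernel code: the field names, format strings, sizes and the guard-byte harness are constructed for this example. Two fields are formatted into a logical buffer backed by a larger array, so any write past the logical end lands in guard bytes and can be counted.

```c
#include <stdio.h>
#include <string.h>

#define GUARD 64 /* constructed guard region placed after the logical buffer */

/* Format two fields into val[0..size). fixed == 0 passes the full size to the
 * second snprintf() (the pattern in the report); fixed != 0 subtracts the
 * consumed bytes first. Returns the untruncated length, like snprintf(). */
static int format_layout(char *val, size_t size, long pg, int fixed)
{
    size_t off, left;
    int n, ret = snprintf(val, size, "stripe_unit=%d\nstripe_count=%d\n",
                          4194304, 1);
    if (ret < 0)
        return ret;
    if (fixed) {
        /* ret may exceed size after truncation, so clamp before subtracting */
        off = (size_t)ret < size ? (size_t)ret : size;
        left = size - off;
    } else {
        off = (size_t)ret;
        left = size; /* consumed bytes are not accounted for */
    }
    n = snprintf(val + off, left, "preferred_pg=%ld\n", pg);
    return n < 0 ? n : ret + n;
}

/* Count guard bytes modified beyond a logical buffer of 'size' bytes. The
 * backing array exceeds size + GUARD, so the demo stays inside a real object. */
static int guard_bytes_clobbered(size_t size, int fixed)
{
    char backing[256];
    int i, hit = 0;
    if (size + GUARD > sizeof(backing))
        return -1;
    memset(backing, 0xA5, sizeof(backing));
    format_layout(backing, size, 12345, fixed);
    for (i = 0; i < GUARD; i++)
        if ((unsigned char)backing[size + i] != 0xA5)
            hit++;
    return hit;
}

int main(void)
{
    printf("unfixed: %d guard bytes written\n", guard_bytes_clobbered(40, 0));
    printf("fixed:   %d guard bytes written\n", guard_bytes_clobbered(40, 1));
    return 0;
}
```

The clamp in the fixed branch matters because `snprintf()` reports the length it would have written, which can exceed `size` once the first field is truncated; subtracting it unclamped would wrap the unsigned remaining size.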
