Bug #2156
Status: closed
ceph: xattr: fix a possible buffer overrun bug
% Done: 0%
Source: Development
Description
In ceph_vxattrcb_file_layout(), if an inode has a preferred PG its
value is added to the formatted output buffer. In doing so, the
previously-consumed portion of the buffer is accounted for in
deciding where in the buffer to write, but the number of bytes
remaining in the buffer is not. The result could conceivably
result in a buffer overflow.

The simple fix is to subtract the consumed portion of the buffer
from the size before formatting the PG into the buffer.
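The pattern described above, reduced to a user-space C sketch (an added example, not the kernel's code; the function names, field labels and sample values are constructed). A canary-filled arena larger than the claimed buffer size makes the out-of-bounds write observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define CANARY 0xAA

/* Before: the second write starts at val + ret but is still bounded by the full size. */
static int format_buggy(char *val, size_t size, long su, long pg)
{
    int ret = snprintf(val, size, "stripe_unit=%ld\n", su);
    if (pg >= 0)
        ret += snprintf(val + ret, size, "preferred_pg=%ld\n", pg);
    return ret;
}

/* After: the bound is what remains once the consumed portion is subtracted. */
static int format_fixed(char *val, size_t size, long su, long pg)
{
    int ret = snprintf(val, size, "stripe_unit=%ld\n", su);
    if (pg >= 0) {
        /* Added guard (assumption, not stated in the report): if the first
         * write already filled the buffer, size - ret would wrap around. */
        if (ret < 0 || (size_t)ret >= size)
            return ret;
        ret += snprintf(val + ret, size - ret, "preferred_pg=%ld\n", pg);
    }
    return ret;
}

/* Count bytes modified beyond the claimed size of the buffer. */
static size_t bytes_past_end(int (*fmt)(char *, size_t, long, long), size_t size)
{
    unsigned char arena[128];
    size_t i, n = 0;

    memset(arena, CANARY, sizeof(arena));
    fmt((char *)arena, size, 4194304L, 7L);   /* constructed sample values */
    for (i = size; i < sizeof(arena); i++)
        if (arena[i] != CANARY)
            n++;
    return n;
}

int main(void)
{
    printf("buggy: %zu bytes past end\n", bytes_past_end(format_buggy, 24));
    printf("fixed: %zu bytes past end\n", bytes_past_end(format_fixed, 24));
    return 0;
}
```

Like the kernel's snprintf(), the C library version returns the length the output would have had, so the return value of the fixed function can exceed the buffer size when the output is truncated.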