git.osdn.net Git - uclinux-h8/linux.git/commit

(root) / uclinux-h8 / linux.git / commit

author	Xi Wang <xi.wang@gmail.com>
	Fri, 20 Apr 2012 20:49:44 +0000 (15:49 -0500)
committer	Alex Elder <elder@dreamhost.com>
	Mon, 14 May 2012 17:12:41 +0000 (12:12 -0500)
commit	50f7c4c967d0b5acd8e7ba6ab654dc4a7ac869ac
tree	a37aa5a2aad9e434bf6b77e0b65601b6e30589b2	tree \| snapshot
parent	f8ad495a8a0277b88c59bf38319e5e944aaf5a4a	commit \| diff

rbd: fix integer overflow in rbd_header_from_disk()

ondisk->snap_count is read from disk via rbd_req_sync_read() and thus
needs validation. Otherwise, a bogus `snap_count' could overflow the
kmalloc() size, leading to memory corruption.

Also use `u32' consistently for `snap_count'.

[elder@dreamhost.com: changed to use UINT_MAX rather than ULONG_MAX]

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Alex Elder <elder@dreamhost.com>

drivers/block/rbd.c

diff | blob | history

RSS Atom

About OSDN

Find Software

Develop Software

Help