dlm: fix overflows when copying from ->m_extra to lvb

author Al Viro <viro@zeniv.linux.org.uk>

Sat, 26 Jan 2008 05:02:29 +0000 (00:02 -0500)

committer David Teigland <teigland@redhat.com>

Mon, 4 Feb 2008 07:29:13 +0000 (01:29 -0600)
author Al Viro <viro@zeniv.linux.org.uk>
Sat, 26 Jan 2008 05:02:29 +0000 (00:02 -0500)
committer David Teigland <teigland@redhat.com>
Mon, 4 Feb 2008 07:29:13 +0000 (01:29 -0600)
diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c

index 6d98cf9..5b82187 100644 (file)
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c
@@ -1226,6 +1226,8 @@ static void set_lvb_lock_pc(struct dlm_rsb *r, struct dlm_lkb *lkb,
         b = dlm_lvb_operations[lkb->lkb_grmode + 1][lkb->lkb_rqmode + 1];
         if (b == 1) {
                 int len = receive_extralen(ms);
+               if (len > DLM_RESNAME_MAXLEN)
+                       len = DLM_RESNAME_MAXLEN;
                 memcpy(lkb->lkb_lvbptr, ms->m_extra, len);
                 lkb->lkb_lvbseq = ms->m_lvbseq;
         }
@@ -2993,6 +2995,8 @@ static int receive_lvb(struct dlm_ls *ls, struct dlm_lkb *lkb,
                 if (!lkb->lkb_lvbptr)
                         return -ENOMEM;
                 len = receive_extralen(ms);
+               if (len > DLM_RESNAME_MAXLEN)
+                       len = DLM_RESNAME_MAXLEN;
                 memcpy(lkb->lkb_lvbptr, ms->m_extra, len);
         }
         return 0;
author	Al Viro <viro@zeniv.linux.org.uk>
	Sat, 26 Jan 2008 05:02:29 +0000 (00:02 -0500)
committer	David Teigland <teigland@redhat.com>
	Mon, 4 Feb 2008 07:29:13 +0000 (01:29 -0600)