Lustre / LU-15056

Overflow when setting a tbf rule name

Details

    • Bug
    • Resolution: Fixed
    • Major
    • Lustre 2.15.0
    • None
    • None
    • VMs with lustre 2.14.53
    • 3

    Description

      A tbf rule name length is limited to 16 characters (MAX_TBF_NAME).
      This length is never checked. This can cause an overflow inside the following code:

      static int
      nrs_tbf_rule_start(struct ptlrpc_nrs_policy *policy,
                         struct nrs_tbf_head *head,
                         struct nrs_tbf_cmd *start)
      {
              struct nrs_tbf_rule     *rule;
              struct nrs_tbf_rule     *tmp_rule;
              struct nrs_tbf_rule     *next_rule;
              char                    *next_name = start->u.tc_start.ts_next_name;
              int                      rc;
      
              rule = nrs_tbf_rule_find(head, start->tc_name);
              if (rule) {
                      nrs_tbf_rule_put(rule);
                      return -EEXIST;
              }
      
              OBD_CPT_ALLOC_PTR(rule, nrs_pol2cptab(policy), nrs_pol2cptid(policy));
              if (rule == NULL)
                      return -ENOMEM;
      
              memcpy(rule->tr_name, start->tc_name, strlen(start->tc_name));    /* <-- name length never checked against MAX_TBF_NAME */
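
A userspace sketch of the missing length check described above, added here as an example (it is not the Lustre patch or the reporter's code). `demo_rule`, `demo_rule_set_name` and `demo_accepts` are hypothetical names, and the name buffer is assumed to be `MAX_TBF_NAME` bytes including the terminating NUL.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MAX_TBF_NAME 16	/* limit stated in the report */
#define DEMO_GUARD 0x5a5a5a5a

/* Simplified stand-in for struct nrs_tbf_rule (assumed layout). */
struct demo_rule {
	char tr_name[MAX_TBF_NAME];	/* assumed to include the NUL */
	int  tr_guard;			/* field an overflow would clobber */
};

/* Hypothetical helper: validate the name before copying it. */
static int demo_rule_set_name(struct demo_rule *rule, const char *name)
{
	const char *end;
	size_t len;

	if (rule == NULL || name == NULL)
		return -EINVAL;
	/* Bounded scan: never looks past MAX_TBF_NAME bytes of input. */
	end = memchr(name, '\0', MAX_TBF_NAME);
	if (end == NULL)	/* 16 or more characters: no room for NUL */
		return -ENAMETOOLONG;
	len = (size_t)(end - name);
	if (len == 0)
		return -EINVAL;
	memcpy(rule->tr_name, name, len + 1);	/* copies the NUL too */
	return 0;
}

/* Returns 1 if name is stored intact, 0 if rejected, -1 on corruption. */
static int demo_accepts(const char *name)
{
	struct demo_rule rule = { .tr_guard = DEMO_GUARD };
	int rc = demo_rule_set_name(&rule, name);

	if (rule.tr_guard != DEMO_GUARD)
		return -1;
	return rc == 0 && strcmp(rule.tr_name, name) == 0;
}

int main(void)
{
	/* Constructed inputs: 15 characters fit, 16 do not. */
	return !(demo_accepts("rule_15_chars__") == 1 &&
		 demo_accepts("rule_16_chars___") == 0);
}
```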
      

            People

              eaujames Etienne Aujames