https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-3658 Lustre <p>the code snippet is as follows:</p> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> <span class="code-comment">/* We don't know the <span class="code-keyword">true</span> size yet; copy the fixed-size part */</span> <span class="code-keyword">if</span> (copy_from_user(hur, (void *)arg, sizeof(*hur))) { OBD_FREE_PTR(hur); RETURN(-EFAULT); } <span class="code-comment">/* Compute the whole struct size */</span> totalsize = hur_len(hur); OBD_FREE_PTR(hur); OBD_ALLOC_LARGE(hur, totalsize); <span class="code-keyword">if</span> (hur == NULL) RETURN(-ENOMEM); </pre> </div></div> <p>So if the user space program passes in a malicious data with huge hur_len, the kernel will be in trouble. We need to make sure the itemcount is reasonable.</p> LU-3658

No user input verification in LL_IOC_HSM_REQUEST of ll_dir_ioctl()

Technical task LU-3647 Blocker Resolved Fixed Jinshan Xiong Jinshan Xiong HSM Mon, 29 Jul 2013 17:19:43 +0000 Mon, 21 Oct 2013 20:28:49 +0000 Sat, 17 Aug 2013 05:21:57 +0000 Lustre 2.5.0 Lustre 2.5.0 0 3 <p>patch is at <a href="http://review.whamcloud.com/7243" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/7243</a></p> <p>Problem was fixed in the final version of the <a href="https://jira.whamcloud.com/browse/LU-3647" title="HSM _not only_ small fixes and to do list goes here" class="issue-link" data-issue-key="LU-3647"><del>LU-3647</del></a> patch that was landed.</p> Development Rank 1|hzvwkv: Rank (Obsolete) 9435