android_kernel_motorola_sm6225/net/ceph
Xi Wang ad3b904c07 libceph: fix overflow in __decode_pool_names()
`len' is read from network and thus needs validation.  Otherwise a
large `len' would cause out-of-bounds access via the memcpy() call.
In addition, len = 0xffffffff would overflow the kmalloc() size,
leading to out-of-bounds write.

This patch adds a check of `len' via ceph_decode_need().  Also use
kstrndup rather than kmalloc/memcpy.

[elder@inktank.com: added -ENOMEM return for null kstrndup() result]

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Alex Elder <elder@inktank.com>
2012-06-07 08:28:04 -05:00
crush crush: fix memory leak when destroying tree buckets 2012-05-07 15:39:36 -07:00
armor.c libceph: Fix base64-decoding when input ends in newline. 2011-03-15 09:14:02 -07:00
auth.c ceph: Move secret key parsing earlier. 2011-03-29 12:11:16 -07:00
auth_none.c ceph: messenger: reduce args to create_authorizer 2012-05-17 08:18:12 -05:00
auth_none.h
auth_x.c ceph: messenger: reduce args to create_authorizer 2012-05-17 08:18:12 -05:00
auth_x.h
auth_x_protocol.h
buffer.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
ceph_common.c libceph: embed ceph messenger structure in ceph_client 2012-06-01 08:37:56 -05:00
ceph_fs.c ceph: fix file mode calculation 2011-07-19 11:25:04 -07:00
ceph_hash.c ceph: add dir_layout to inode 2011-01-12 15:15:12 -08:00
ceph_strings.c
crypto.c ceph: Use kmemdup rather than duplicating its implementation 2012-01-10 08:56:54 -08:00
crypto.h libceph: Create a new key type "ceph". 2011-03-29 12:11:24 -07:00
debugfs.c
Kconfig ceph: use kernel DNS resolver 2011-10-25 16:10:16 -07:00
Makefile Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
messenger.c rbd: Clear ceph_msg->bio_iter for retransmitted message 2012-06-07 08:27:33 -05:00
mon_client.c libceph: make ceph_con_revoke() a msg operation 2012-06-06 09:23:54 -05:00
msgpool.c libceph: don't complain on msgpool alloc failures 2011-10-25 16:10:15 -07:00
osd_client.c libceph: make ceph_con_revoke_message() a msg op 2012-06-06 09:23:55 -05:00
osdmap.c libceph: fix overflow in __decode_pool_names() 2012-06-07 08:28:04 -05:00
pagelist.c ceph: fix num_pages_free accounting in pagelist 2010-10-20 15:38:23 -07:00
pagevec.c libceph: fix handling of short returns from get_user_pages 2011-03-03 13:47:39 -08:00