From a9cc9159281d44754f621f75d4efad0076b29db4 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 26 Jan 2008 00:02:29 -0500 Subject: dlm: fix overflows when copying from ->m_extra to lvb Signed-off-by: Al Viro Signed-off-by: David Teigland --- fs/dlm/lock.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'fs/dlm') diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c index 6d98cf9d043d..5b82187e0221 100644 --- a/fs/dlm/lock.c +++ b/fs/dlm/lock.c @@ -1226,6 +1226,8 @@ static void set_lvb_lock_pc(struct dlm_rsb *r, struct dlm_lkb *lkb, b = dlm_lvb_operations[lkb->lkb_grmode + 1][lkb->lkb_rqmode + 1]; if (b == 1) { int len = receive_extralen(ms); + if (len > DLM_RESNAME_MAXLEN) + len = DLM_RESNAME_MAXLEN; memcpy(lkb->lkb_lvbptr, ms->m_extra, len); lkb->lkb_lvbseq = ms->m_lvbseq; } @@ -2993,6 +2995,8 @@ static int receive_lvb(struct dlm_ls *ls, struct dlm_lkb *lkb, if (!lkb->lkb_lvbptr) return -ENOMEM; len = receive_extralen(ms); + if (len > DLM_RESNAME_MAXLEN) + len = DLM_RESNAME_MAXLEN; memcpy(lkb->lkb_lvbptr, ms->m_extra, len); } return 0; -- cgit v1.2.3