Google Git
Sign in
gem5/arm/linux/a9cc9159281d44754f621f75d4efad0076b29db4^!/./fs/dlm/lock.c
commit
a9cc9159281d44754f621f75d4efad0076b29db4
[log]
author
Al Viro <viro@zeniv.linux.org.uk>
Sat Jan 26 00:02:29 2008 -0500
committer
David Teigland <teigland@redhat.com>
Mon Feb 04 01:29:13 2008 -0600
tree
8ee69182283251b06ed725dcd1fa0ed3c05423ec
parent
ef58bccab7c7ef34451aa4ceea39545ef126b666 [diff] [blame]
dlm: fix overflows when copying from ->m_extra to lvb

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Teigland <teigland@redhat.com>

diff --git a/fs/dlm/lock.c b/fs/dlm/lock.c
index 6d98cf9..5b82187 100644
--- a/fs/dlm/lock.c
+++ b/fs/dlm/lock.c

@@ -1226,6 +1226,8 @@
 	b = dlm_lvb_operations[lkb->lkb_grmode + 1][lkb->lkb_rqmode + 1];
 	if (b == 1) {
 		int len = receive_extralen(ms);
+		if (len > DLM_RESNAME_MAXLEN)
+			len = DLM_RESNAME_MAXLEN;
 		memcpy(lkb->lkb_lvbptr, ms->m_extra, len);
 		lkb->lkb_lvbseq = ms->m_lvbseq;
 	}
@@ -2993,6 +2995,8 @@
 		if (!lkb->lkb_lvbptr)
 			return -ENOMEM;
 		len = receive_extralen(ms);
+		if (len > DLM_RESNAME_MAXLEN)
+			len = DLM_RESNAME_MAXLEN;
 		memcpy(lkb->lkb_lvbptr, ms->m_extra, len);
 	}
 	return 0;