[PATCH 03/24] staging: lustre: fix crash due to NULL networks string

From: James Simmons
Date: Mon Feb 22 2016 - 17:36:43 EST

Next message: James Simmons: "[PATCH 01/24] staging: lustre: Dynamic LNet Configuration (DLC) IOCTL changes"
Previous message: James Simmons: "[PATCH 04/24] staging: lustre: DLC user/kernel space glue code"
In reply to: James Simmons: "[PATCH 04/24] staging: lustre: DLC user/kernel space glue code"
Next in thread: James Simmons: "[PATCH 01/24] staging: lustre: Dynamic LNet Configuration (DLC) IOCTL changes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Amir Shehata <amir.shehata@xxxxxxxxx>

If there is an invalid networks or ip2nets lnet_parse_networks()
gets called with a NULL 'network' string parameter

lnet_parse_networks() needs to sanitize its input string now that
it's being called from multiple places. Instead, check for
a NULL string everytime the function is called, which reduces the
probability of errors with other code modifications.

Signed-off-by: Amir Shehata <amir.shehata@xxxxxxxxx>
Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5540
Reviewed-on: http://review.whamcloud.com/11626
Reviewed-by: Isaac Huang <he.huang@xxxxxxxxx>
Reviewed-by: Doug Oucharek <doug.s.oucharek@xxxxxxxxx>
Reviewed-by: Oleg Drokin <oleg.drokin@xxxxxxxxx>
---
drivers/staging/lustre/lnet/lnet/api-ni.c | 5 +----
drivers/staging/lustre/lnet/lnet/config.c | 9 ++++++++-
2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/lustre/lnet/lnet/api-ni.c b/drivers/staging/lustre/lnet/lnet/api-ni.c
index b2b914a..c68d01e 100644
--- a/drivers/staging/lustre/lnet/lnet/api-ni.c
+++ b/drivers/staging/lustre/lnet/lnet/api-ni.c
@@ -1535,7 +1535,6 @@ LNetNIInit(lnet_pid_t requested_pid)
lnet_ping_info_t *pinfo;
lnet_handle_md_t md_handle;
struct list_head net_head;
- char *nets;

INIT_LIST_HEAD(&net_head);

@@ -1550,13 +1549,11 @@ LNetNIInit(lnet_pid_t requested_pid)
return rc;
}

- nets = lnet_get_networks();
-
rc = lnet_prepare(requested_pid);
if (rc)
goto failed0;

- rc = lnet_parse_networks(&net_head, nets);
+ rc = lnet_parse_networks(&net_head, lnet_get_networks());
if (rc < 0)
goto failed1;

diff --git a/drivers/staging/lustre/lnet/lnet/config.c b/drivers/staging/lustre/lnet/lnet/config.c
index 1ef07cd..013d41b 100644
--- a/drivers/staging/lustre/lnet/lnet/config.c
+++ b/drivers/staging/lustre/lnet/lnet/config.c
@@ -184,7 +184,7 @@ int
lnet_parse_networks(struct list_head *nilist, char *networks)
{
struct cfs_expr_list *el = NULL;
- int tokensize = strlen(networks) + 1;
+ int tokensize;
char *tokens;
char *str;
char *tmp;
@@ -192,6 +192,11 @@ lnet_parse_networks(struct list_head *nilist, char *networks)
__u32 net;
int nnets = 0;

+ if (!networks) {
+ CERROR("networks string is undefined\n");
+ return -EINVAL;
+ }
+
if (strlen(networks) > LNET_SINGLE_TEXTBUF_NOB) {
/* _WAY_ conservative */
LCONSOLE_ERROR_MSG(0x112,
@@ -199,6 +204,8 @@ lnet_parse_networks(struct list_head *nilist, char *networks)
return -EINVAL;
}

+ tokensize = strlen(networks) + 1;
+
LIBCFS_ALLOC(tokens, tokensize);
if (!tokens) {
CERROR("Can't allocate net tokens\n");
--
1.7.1

Next message: James Simmons: "[PATCH 01/24] staging: lustre: Dynamic LNet Configuration (DLC) IOCTL changes"
Previous message: James Simmons: "[PATCH 04/24] staging: lustre: DLC user/kernel space glue code"
In reply to: James Simmons: "[PATCH 04/24] staging: lustre: DLC user/kernel space glue code"
Next in thread: James Simmons: "[PATCH 01/24] staging: lustre: Dynamic LNet Configuration (DLC) IOCTL changes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]