Commit 83aca8f4 authored by Ryusuke Konishi's avatar Ryusuke Konishi

nilfs2: check size of array structured data exchanged via ioctls

Several nilfs2 ioctls exchange data in the form of an indirectly
referenced array, but some of them lack a size check on the array elements.

This inserts the missing checks and rejects requests if data of ioctl
does not have a valid format.

We usually don't have to check size of structures that we associated
with ioctl commands because the size is tested implicitly for
identifying ioctl command; the checks this patch adds are for the
cases where the implicit check is not applied.
Signed-off-by: default avatarRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
parent 4f6b8288
...@@ -254,6 +254,9 @@ static int nilfs_ioctl_get_bdescs(struct inode *inode, struct file *filp, ...@@ -254,6 +254,9 @@ static int nilfs_ioctl_get_bdescs(struct inode *inode, struct file *filp,
if (copy_from_user(&argv, argp, sizeof(argv))) if (copy_from_user(&argv, argp, sizeof(argv)))
return -EFAULT; return -EFAULT;
if (argv.v_size != sizeof(struct nilfs_bdesc))
return -EINVAL;
ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd),
nilfs_ioctl_do_get_bdescs); nilfs_ioctl_do_get_bdescs);
if (ret < 0) if (ret < 0)
...@@ -599,6 +602,7 @@ static int nilfs_ioctl_sync(struct inode *inode, struct file *filp, ...@@ -599,6 +602,7 @@ static int nilfs_ioctl_sync(struct inode *inode, struct file *filp,
static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp, static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp,
unsigned int cmd, void __user *argp, unsigned int cmd, void __user *argp,
size_t membsz,
ssize_t (*dofunc)(struct the_nilfs *, ssize_t (*dofunc)(struct the_nilfs *,
__u64 *, int, __u64 *, int,
void *, size_t, size_t)) void *, size_t, size_t))
...@@ -611,6 +615,9 @@ static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp, ...@@ -611,6 +615,9 @@ static int nilfs_ioctl_get_info(struct inode *inode, struct file *filp,
if (copy_from_user(&argv, argp, sizeof(argv))) if (copy_from_user(&argv, argp, sizeof(argv)))
return -EFAULT; return -EFAULT;
if (argv.v_size != membsz)
return -EINVAL;
ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), dofunc); ret = nilfs_ioctl_wrap_copy(nilfs, &argv, _IOC_DIR(cmd), dofunc);
if (ret < 0) if (ret < 0)
return ret; return ret;
...@@ -632,16 +639,19 @@ long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) ...@@ -632,16 +639,19 @@ long nilfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
return nilfs_ioctl_delete_checkpoint(inode, filp, cmd, argp); return nilfs_ioctl_delete_checkpoint(inode, filp, cmd, argp);
case NILFS_IOCTL_GET_CPINFO: case NILFS_IOCTL_GET_CPINFO:
return nilfs_ioctl_get_info(inode, filp, cmd, argp, return nilfs_ioctl_get_info(inode, filp, cmd, argp,
sizeof(struct nilfs_cpinfo),
nilfs_ioctl_do_get_cpinfo); nilfs_ioctl_do_get_cpinfo);
case NILFS_IOCTL_GET_CPSTAT: case NILFS_IOCTL_GET_CPSTAT:
return nilfs_ioctl_get_cpstat(inode, filp, cmd, argp); return nilfs_ioctl_get_cpstat(inode, filp, cmd, argp);
case NILFS_IOCTL_GET_SUINFO: case NILFS_IOCTL_GET_SUINFO:
return nilfs_ioctl_get_info(inode, filp, cmd, argp, return nilfs_ioctl_get_info(inode, filp, cmd, argp,
sizeof(struct nilfs_suinfo),
nilfs_ioctl_do_get_suinfo); nilfs_ioctl_do_get_suinfo);
case NILFS_IOCTL_GET_SUSTAT: case NILFS_IOCTL_GET_SUSTAT:
return nilfs_ioctl_get_sustat(inode, filp, cmd, argp); return nilfs_ioctl_get_sustat(inode, filp, cmd, argp);
case NILFS_IOCTL_GET_VINFO: case NILFS_IOCTL_GET_VINFO:
return nilfs_ioctl_get_info(inode, filp, cmd, argp, return nilfs_ioctl_get_info(inode, filp, cmd, argp,
sizeof(struct nilfs_vinfo),
nilfs_ioctl_do_get_vinfo); nilfs_ioctl_do_get_vinfo);
case NILFS_IOCTL_GET_BDESCS: case NILFS_IOCTL_GET_BDESCS:
return nilfs_ioctl_get_bdescs(inode, filp, cmd, argp); return nilfs_ioctl_get_bdescs(inode, filp, cmd, argp);
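Review bot: The new `if (argv.v_size != membsz)` check in nilfs_ioctl_get_info, and the matching `sizeof(struct nilfs_bdesc)` check in nilfs_ioctl_get_bdescs, pin the element size but leave the user-supplied element count (v_nmembs) and the index (v_index) unchecked at this point; nilfs_ioctl_wrap_copy, which lies outside these hunks, is presumably where the count and the resulting `v_size * v_nmembs` buffer length are bounded, so it is worth confirming that it rejects a zero or oversized count before allocating and copying. Since v_size is not covered by the implicit `_IOC_SIZE` check that validates the argv header itself, a one-line comment above each new check would save the next reader the same investigation, e.g. `/* v_size is user-controlled and not covered by _IOC_SIZE(cmd); it must match the kernel element size */`. The new membsz parameter of nilfs_ioctl_get_info also deserves a short comment stating that it is the expected v_size for the array elements handled by dofunc. The bodies of nilfs_ioctl_get_bdescs and nilfs_ioctl_get_info both start outside the hunks shown.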