[PATCH 5.11 019/329] fs: dlm: check on minimum msglen size

17 May 2021

From: Alexander Aring aahringo@redhat.com
[ Upstream commit 710176e8363f269c6ecd73d203973b31ace119d3 ]
This patch adds an additional check for minimum dlm header size which is
an invalid dlm message and signals a broken stream. A msglen field cannot
be less than the dlm header size because the field is inclusive header
lengths.
Signed-off-by: Alexander Aring aahringo@redhat.com
Signed-off-by: David Teigland teigland@redhat.com
Signed-off-by: Sasha Levin sashal@kernel.org
---
 fs/dlm/midcomms.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/dlm/midcomms.c b/fs/dlm/midcomms.c
index fde3a6afe4be..0bedfa8606a2 100644
--- a/fs/dlm/midcomms.c
+++ b/fs/dlm/midcomms.c
@@ -49,9 +49,10 @@ int dlm_process_incoming_buffer(int nodeid, unsigned char *buf, int len)
    	 * cannot deliver this message to upper layers
    	 */
    	msglen = get_unaligned_le16(&hd->h_length);
-		if (msglen > DEFAULT_BUFFER_SIZE) {
-			log_print("received invalid length header: %u, will abort message parsing",
-				  msglen);
+		if (msglen > DEFAULT_BUFFER_SIZE ||
+		    msglen < sizeof(struct dlm_header)) {
+			log_print("received invalid length header: %u from node %d, will abort message parsing",
+				  msglen, nodeid);
    		return -EBADMSG;
    	}
-- 
2.30.2




    

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 5.11 019/329] fs: dlm: check on minimum msglen size