ocfs2-devel.oss.oracle.com archive mirror
From: Mark Fasheh <mfasheh@suse.de>
To: ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] [PATCH] ocfs2: check if cluster name exists before deref
Date: Wed, 26 Mar 2014 14:43:24 -0700
Message-ID: <20140326214324.GD5716@wotan.suse.de>
In-Reply-To: <20140326143303.11d720d90a6388e41bf7b6fe@linux-foundation.org>


CCing Goldwyn so he actually gets this e-mail :)

On Wed, Mar 26, 2014 at 02:33:03PM -0700, Andrew Morton wrote:
> On Tue, 25 Mar 2014 13:21:58 -0400 Sasha Levin <sasha.levin@oracle.com> wrote:
> 
> > Commit c74a3bdd9b "ocfs2: add clustername to cluster connection"
> > is trying to strlcpy a string which was explicitly passed as NULL
> > in the very same patch, triggering a NULL ptr deref.
> > 
> > [  640.225193] BUG: unable to handle kernel NULL pointer dereference at           (null)
> > [  640.230224] IP: strlcpy (lib/string.c:388 lib/string.c:151)
> 
> Well that was a bit of a screwup.
> 
> > As a side note, how the hell was this new code path tested?
> > It's obviously broken and there's no way it even passes
> > a very basic test.
> 
> I was wondering that.
> 
> > diff --git a/fs/ocfs2/stackglue.c b/fs/ocfs2/stackglue.c
> > index 5e4d314..83f1a66 100644
> > --- a/fs/ocfs2/stackglue.c
> > +++ b/fs/ocfs2/stackglue.c
> > @@ -346,7 +346,9 @@ int ocfs2_cluster_connect(const char *stack_name,
> >  
> >  	strlcpy(new_conn->cc_name, group, GROUP_NAME_MAX + 1);
> >  	new_conn->cc_namelen = grouplen;
> > -	strlcpy(new_conn->cc_cluster_name, cluster_name, CLUSTER_NAME_MAX + 1);
> > +	if (cluster_name_len)
> > +		strlcpy(new_conn->cc_cluster_name, cluster_name,
> > +			CLUSTER_NAME_MAX + 1);
> >  	new_conn->cc_cluster_name_len = cluster_name_len;
> >  	new_conn->cc_recovery_handler = recovery_handler;
> >  	new_conn->cc_recovery_data = recovery_data;
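
Review bot: the new guard, if (cluster_name_len), tests the length, but what strlcpy() dereferences is the cluster_name pointer, so a caller that passes a NULL name together with a non-zero length would still oops at this call. Testing the pointer itself (if (cluster_name), or both the pointer and the length) ties the check to the thing being dereferenced. When the copy is skipped, cc_cluster_name is not written anywhere in this hunk while cc_cluster_name_len is still assigned, so it is worth confirming that new_conn comes from a zeroing allocation, or terminating the buffer explicitly in an else branch.
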
> 
> So we end up with the null string for the cluster name.
> 
> I suppose we can merge this short-term to avoid the oops, but surely
> this isn't what's supposed to happen.
> 
> Goldwyn, this needs urgent attention please.
> 
--
Mark Fasheh
