A malicious program might inject a large buffer via the CLI and causing the daemon to abort due to OOM. So limit the maximum CLI buffer size to 64k. Found by coverity.
Signed-off-by: Hannes Reinecke <[email protected]> --- libmpathcmd/mpath_cmd.c | 2 ++ libmpathcmd/mpath_cmd.h | 1 + 2 files changed, 3 insertions(+) diff --git a/libmpathcmd/mpath_cmd.c b/libmpathcmd/mpath_cmd.c index 1aaf5ea..2290ecb 100644 --- a/libmpathcmd/mpath_cmd.c +++ b/libmpathcmd/mpath_cmd.c @@ -142,6 +142,8 @@ int mpath_recv_reply(int fd, char **reply, unsigned int timeout) len = mpath_recv_reply_len(fd, timeout); if (len <= 0) return len; + if (len > MAX_REPLY_LEN) + return -EINVAL; *reply = malloc(len); if (!*reply) return -1; diff --git a/libmpathcmd/mpath_cmd.h b/libmpathcmd/mpath_cmd.h index 4ec0291..f33f000 100644 --- a/libmpathcmd/mpath_cmd.h +++ b/libmpathcmd/mpath_cmd.h @@ -28,6 +28,7 @@ extern "C" { #define DEFAULT_SOCKET "/org/kernel/linux/storage/multipathd" #define DEFAULT_REPLY_TIMEOUT 1000 +#define MAX_REPLY_LEN 65536 /* -- 2.6.6 -- dm-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/dm-devel
