xfs
[Top] [All Lists]

Re: [PATCH] Validate string -> number conversion.

To: xfs@xxxxxxxxxxx
Subject: Re: [PATCH] Validate string -> number conversion.
From: Arkadiusz Miskiewicz <arekm@xxxxxxxx>
Date: Wed, 25 Aug 2010 10:45:54 +0200
In-reply-to: <1282724556-19456-1-git-send-email-arekm@xxxxxxxx>
References: <1282724556-19456-1-git-send-email-arekm@xxxxxxxx>
User-agent: KMail/1.13.5 (Linux/2.6.36-rc2-00003-g9ee4747; KDE/4.5.0; x86_64; ; )
On Wednesday 25 of August 2010, Arkadiusz Miśkiewicz wrote:
> Make sure that numbers passed as string will fit into proper
> types when doing string->uid_t/gid_t/prid_t conversion.
> 
> Signed-off-by: Arkadiusz Miśkiewicz <arekm@xxxxxxxx>
> ---
>  libxcmd/input.c |   18 +++++++++++++++---
>  quota/project.c |    2 +-
>  2 files changed, 16 insertions(+), 4 deletions(-)

On the kernel side something like below is needed (compile tested only).
The true fix is to extend on disk di_projid to 32bit (there is room for that).

diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
index 237f5ff..1d9cf4f 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl.c
@@ -906,6 +906,11 @@ xfs_ioctl_setattr(
        if (XFS_FORCED_SHUTDOWN(mp))
                return XFS_ERROR(EIO);
 
+       /* Make sure a userspace passed projid (32bit) will fit on disk (16bit) 
*/
+       if (fa->fsx_projid > (__uint16_t)-1) {
+               code = XFS_ERROR(EINVAL);                                       
                                                             
+               goto error_return; 
+       }
        /*
         * If disk quotas is on, we make sure that the dquots do exist on disk,
         * before we start any other transactions. Trying to do this later


-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/

<Prev in Thread] Current Thread [Next in Thread>