[PATCH 15/21] dm: Additional data_size/data_start checks
Eugene Syromyatnikov
evgsyr at gmail.com
Sun Oct 9 13:31:02 UTC 2016
---
dm.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/dm.c b/dm.c
index 814d7d2..289bc0d 100644
--- a/dm.c
+++ b/dm.c
@@ -293,7 +293,8 @@ dm_known_ioctl(struct tcb *tcp, const unsigned int code, long arg)
if (!ioc)
return 0;
- if (umoven(tcp, arg, sizeof(*ioc) - sizeof(ioc->data), ioc) < 0) {
+ if ((umoven(tcp, arg, sizeof(*ioc) - sizeof(ioc->data), ioc) < 0) ||
+ (ioc->data_size < offsetof(struct dm_ioctl, data_size))) {
free(ioc);
return 0;
}
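Review bot: The bound added to the `umoven` condition compares `ioc->data_size` with `offsetof(struct dm_ioctl, data_size)`, while the check added in the next hunk uses `sizeof(*ioc) - sizeof(ioc->data)`, and nothing explains why the two thresholds differ. `data_size` is copied from the traced process and is therefore untrusted, so a value that passes this test can still be smaller than the header just read. If the looser bound is deliberate (silently giving up only when the size cannot even reach the `data_size` field), say so with a comment such as `/* data_size cannot cover the field itself: not a dm_ioctl, leave undecoded */`. Covering the field itself would need `offsetof(struct dm_ioctl, data_size) + sizeof(ioc->data_size)`. dm_known_ioctl's body starts and ends outside the hunk.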
@@ -335,6 +336,11 @@ dm_known_ioctl(struct tcb *tcp, const unsigned int code, long arg)
goto skip;
}
+ if (ioc->data_size < (sizeof(*ioc) - sizeof(ioc->data))) {
+ tprints(", /* Incorrect data_size */ ...");
+ goto skip;
+ }
+
dm_decode_device(code, ioc);
dm_decode_values(tcp, code, ioc);
dm_decode_flags(ioc);
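Review bot: The new `data_size` test before `dm_decode_device` sets only a lower bound, and no `data_start` check appears in the visible hunks although the subject line names one. Both fields are supplied by the traced process, so any decoder further down that uses `data_start` as an offset should first confirm that it lies between the header size and `data_size`; whether that already happens is not visible here. The header-size expression now occurs twice in this function (here and in the `umoven` call), so a named local such as `const size_t hdr_size = sizeof(*ioc) - sizeof(ioc->data);` would keep the two in sync. dm_known_ioctl's body continues outside the hunk.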
--
1.7.10.4