75b07eca3e
by importing the upstream release as patches. replace user namespace patch with version which has been applied usptream.
41 lines
1.2 KiB
Diff
41 lines
1.2 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Chunwei Chen <david.chen@nutanix.com>
|
|
Date: Thu, 1 Feb 2018 15:41:05 -0800
|
|
Subject: [PATCH] Fix zle_decompress out of bound access
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
|
|
Reviewed-by: loli10K <ezomori.nozomu@gmail.com>
|
|
Signed-off-by: Chunwei Chen <david.chen@nutanix.com>
|
|
Closes #7099
|
|
(cherry picked from commit 5e566c57726226ceeca09b1eb19cb1c373622763)
|
|
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
|
|
---
|
|
module/zfs/zle.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/module/zfs/zle.c b/module/zfs/zle.c
|
|
index 13c5673fb..613607faa 100644
|
|
--- a/module/zfs/zle.c
|
|
+++ b/module/zfs/zle.c
|
|
@@ -74,10 +74,14 @@ zle_decompress(void *s_start, void *d_start, size_t s_len, size_t d_len, int n)
|
|
while (src < s_end && dst < d_end) {
|
|
int len = 1 + *src++;
|
|
if (len <= n) {
|
|
+ if (src + len > s_end || dst + len > d_end)
|
|
+ return (-1);
|
|
while (len-- != 0)
|
|
*dst++ = *src++;
|
|
} else {
|
|
len -= n;
|
|
+ if (dst + len > d_end)
|
|
+ return (-1);
|
|
while (len-- != 0)
|
|
*dst++ = 0;
|
|
}
|
|
--
|
|
2.14.2
|
|
|