From da0f745cb685deea0a9d5ce018c5d2661c77d5ae Mon Sep 17 00:00:00 2001
From: Zdenek Kabelac
Date: Tue, 28 Feb 2012 09:58:19 +0000
Subject: [PATCH] Limit max size of clvmd message

This could be seen as some sort of simple validation - it's not easy to recognize a valid message for now - but we definitely do not want to allocate a lot of megabytes in clvmd memory locked daemon when broken message gets in. Size of 8000 is just selected for now - possibly there could be much lower value put in.
---
 WHATS_NEW | 1 +
 daemons/clvmd/clvmd.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/WHATS_NEW b/WHATS_NEW
index f5dad98a2..9c3e71197 100644
--- a/WHATS_NEW
+++ b/WHATS_NEW
@@ -1,5 +1,6 @@
 Version 2.02.94 -
 ====================================
+ Limit the max size of processed clvmd message to ~8KB.
 Do not send uninitilised bytes in cluster error reply messages.
 Use unsigned type for bitmask instead of enum type for lvm properties.
 Add missing cleanup of excl_uuid hash on some exit paths of clvmd.
diff --git a/daemons/clvmd/clvmd.c b/daemons/clvmd/clvmd.c
index 89c39d489..5a24bc856 100644
--- a/daemons/clvmd/clvmd.c
+++ b/daemons/clvmd/clvmd.c
@@ -49,6 +49,7 @@
 #endif
 #define MAX_RETRIES 4
+#define MAX_MISSING_LEN = 8000 /* Max supported clvmd message size ? */
 #define ISLOCAL_CSID(c) (memcmp(c, our_csid, max_csid_len) == 0)
@@ -1204,7 +1205,8 @@ static int read_from_local_sock(struct local_client *thisfd)
 missing_len = 0;
 /* We need at least sizeof(struct clvm_header) bytes in buffer */
- if (len < sizeof(struct clvm_header) || argslen < 0) {
+ if (len < sizeof(struct clvm_header) || argslen < 0 ||
+ missing_len > MAX_MISSING_LEN) {
 struct clvm_header reply = {
 .cmd = CLVMD_CMD_REPLY,
 .status = EINVAL
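Review bot: The added `#define MAX_MISSING_LEN = 8000` carries the `=` into the macro body, so the comparison added to read_from_local_sock in the next hunk expands to `missing_len > = 8000) {` and fails to compile. The line should be `#define MAX_MISSING_LEN 8000 /* Max accepted length of the not-yet-read part of a clvmd message */`. The trailing `?` in the original comment also leaves it unclear what the constant bounds; the check compares it with `missing_len`, not with the whole message length.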
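Review bot: The bound added to the `if` in read_from_local_sock is checked after the visible `missing_len = 0;` assignment, which looks like a clamp of negative values, so a length that wraps negative would be reset to 0 and pass `missing_len > MAX_MISSING_LEN`. If `missing_len` is computed from a length field in the client-supplied header (that code is above the hunk), it is worth checking that field against the limit directly, or documenting why the clamp makes that unnecessary, e.g. `/* missing_len is clamped to >= 0 above; reject anything that would make us allocate more than MAX_MISSING_LEN */`. The limit also covers only the unread remainder, while WHATS_NEW describes a maximum message size. The function body starts and ends outside the hunk.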