'[patch] staging: lustre: potential underflow in libcfs_kkuc_group_add()'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kernel-janitors
Subject:    [patch] staging: lustre: potential underflow in libcfs_kkuc_group_add()
From:       Dan Carpenter <dan.carpenter () oracle ! com>
Date:       2015-10-29 13:51:23
Message-ID: 20151029135122.GA7709 () mwanda
[Download RAW message or body]

My static checker says that "group" is a user controlled number that can
be negative leading to an array underflow.  I have looked at it, and I'm
not an expert enough in lustre to say for sure if it is really a bug.
Anyway, it's simple enough to make the variable unsigned which pleases
the static checker and makes it easier to audit.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h \
b/drivers/staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h index \
                a989d26..41f3d81 100644
--- a/drivers/staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h
+++ b/drivers/staging/lustre/include/linux/libcfs/libcfs_kernelcomm.h
@@ -91,7 +91,7 @@ typedef int (*libcfs_kkuc_cb_t)(__u32 data, void *cb_arg);
 /* Kernel methods */
 int libcfs_kkuc_msg_put(struct file *fp, void *payload);
 int libcfs_kkuc_group_put(int group, void *payload);
-int libcfs_kkuc_group_add(struct file *fp, int uid, int group,
+int libcfs_kkuc_group_add(struct file *fp, int uid, unsigned int group,
 				 __u32 data);
 int libcfs_kkuc_group_rem(int uid, int group);
 int libcfs_kkuc_group_foreach(int group, libcfs_kkuc_cb_t cb_func,
diff --git a/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c \
b/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c index ad661a3..d8230ae \
                100644
--- a/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c
+++ b/drivers/staging/lustre/lustre/libcfs/kernel_user_comm.c
@@ -110,7 +110,8 @@ static DECLARE_RWSEM(kg_sem);
  * @param uid identifier for this receiver
  * @param group group number
  */
-int libcfs_kkuc_group_add(struct file *filp, int uid, int group, __u32 data)
+int libcfs_kkuc_group_add(struct file *filp, int uid, unsigned int group,
+			  __u32 data)
 {
 	struct kkuc_reg *reg;
 
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic