staging: lustre: fix %.2X versus signed char issue
authorRasmus Villemoes <linux@rasmusvillemoes.dk>
Sun, 6 Dec 2015 00:41:31 +0000 (01:41 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 21 Dec 2015 23:46:07 +0000 (15:46 -0800)
When char is signed and one of the bytes in lmm happens to have a byte
value above 127, the result of printing that with %.2X will be 8 hex
chars, the first 6 of which are 'F'. Worst case, we'll overrun our
'carefully' allocated buffer.

I didn't have the tenacity to work through the gazillion and seven
layers of macros behind CERROR, but I assume it'll all end at some
function implemented in terms of the kernel's vsnprintf. Use %*phN for
a hexdump. That'll cap the number of dumped bytes at 64. If that's a
problem, the loop could be replaced by "bin2hex(buffer, lmm,
lmm_bytes);".

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/lustre/lustre/lov/lov_pack.c

index 198523139b3b5b205a0848902c4f69bb64382e70..6b2d1007192b8dee89fd2f6837926edfe4c1baf2 100644 (file)
@@ -258,22 +258,9 @@ static int lov_verify_lmm(void *lmm, int lmm_bytes, __u16 *stripe_count)
        int rc;
 
        if (lsm_op_find(le32_to_cpu(*(__u32 *)lmm)) == NULL) {
-               char *buffer;
-               int sz;
-
                CERROR("bad disk LOV MAGIC: 0x%08X; dumping LMM (size=%d):\n",
                       le32_to_cpu(*(__u32 *)lmm), lmm_bytes);
-               sz = lmm_bytes * 2 + 1;
-               buffer = libcfs_kvzalloc(sz, GFP_NOFS);
-               if (buffer != NULL) {
-                       int i;
-
-                       for (i = 0; i < lmm_bytes; i++)
-                               sprintf(buffer+2*i, "%.2X", ((char *)lmm)[i]);
-                       buffer[sz - 1] = '\0';
-                       CERROR("%s\n", buffer);
-                       kvfree(buffer);
-               }
+               CERROR("%*phN\n", lmm_bytes, lmm);
                return -EINVAL;
        }
        rc = lsm_op_find(le32_to_cpu(*(__u32 *)lmm))->lsm_lmm_verify(lmm,