From 575ba6e90f005cefb8b1100169a024083d8b4a4a Mon Sep 17 00:00:00 2001
Message-Id: <575ba6e90f005cefb8b1100169a024083d8b4a4a@dist-git>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Mon, 8 Mar 2021 12:57:36 +0100
Subject: [PATCH] virDevMapperGetTargetsImpl: Use correct length when copying
into dm.name
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For reasons unknown, when rewriting this code and dropping
libdevmapper I've mistakenly used incorrect length of dm.name. In
linux/dm-ioctl.h the dm_ioctl struct is defined as follows:
#define DM_NAME_LEN 128
struct dm_ioctl {
...
char name[DM_NAME_LEN]; /* device name */
...
};
However, when copying string into this member, DM_TABLE_DEPS was
used, which is defined as follows:
#define DM_TABLE_DEPS _IOWR(DM_IOCTL, DM_TABLE_DEPS_CMD, struct dm_ioctl)
After decryption, this results in the following size: 3241737483.
Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 4f30c1bb8c32374c62f90abb5aa224611c59c363)
Conflicts:
- src/util/virdevmapper.c: The same story as a few commits ago:
virStrcpy() returns a pointer, but the cherry picked commit
expects integer.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1933557
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Message-Id: <f97200b6dcef39effa380e7e6ea43e8ee02f6b61.1615203117.git.mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/util/virdevmapper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index 4994b4caef..dcb3c08df5 100644
--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
@@ -257,7 +257,7 @@ virDevMapperGetTargetsImpl(int controlFD,
if (!(sanitizedPath = virDMSanitizepath(path)))
return 0;
- if (virStrcpy(dm.name, sanitizedPath, DM_TABLE_DEPS) == NULL) {
+ if (virStrcpy(dm.name, sanitizedPath, DM_NAME_LEN) == NULL) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Resolved device mapper name too long"));
return -1;
--
2.31.0