| commit | 76aa542fb90e3e91edb1146d10ca7cf2cae8e7e9 | [log] [tgz] |
|---|---|---|
| author | Xi Wang <xi.wang@gmail.com> | Fri Apr 20 15:49:44 2012 -0500 |
| committer | Alex Elder <elder@dreamhost.com> | Mon May 14 12:12:27 2012 -0500 |
| tree | d01a137e60126d140790c64f1a3994c62792b61e | |
| parent | 065a68f9167e20f321a62d044cb2c3024393d455 [diff] |
ceph: fix bounds check in ceph_decode_need and ceph_encode_need Given a large n, the bounds check (*p + n > end) can be bypassed due to pointer wraparound. A safer check is (n > end - *p). [elder@dreamhost.com: inverted test and renamed ceph_has_room()] Signed-off-by: Xi Wang <xi.wang@gmail.com> Reviewed-by: Alex Elder <elder@dreamhost.com>