fs: dlm: invalid buffer access in lookup error

This patch will evaluate the message length if a dlm opts header can fit
in before accessing it if a node lookup fails. The invalid sequence
error means that the version detection failed and an unexpected message
arrived. For debugging such situation the type of arrived message is
important to know.

Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>

diff --git a/fs/dlm/midcomms.c b/fs/dlm/midcomms.c
index 92f95ee7003a3385471c54a36179bdef411df8b8..e3de268898ed346a89b82cd5514d9e87bdd958ce 100644 (file)
--- a/fs/dlm/midcomms.c
+++ b/fs/dlm/midcomms.c
@@ -621,8 +621,23 @@ dlm_midcomms_recv_node_lookup(int nodeid, const union dlm_packet *p,
 
        node = nodeid2node(nodeid, allocation);
        if (!node) {
-               log_print_ratelimited("received dlm message cmd %d nextcmd %d from node %d in an invalid sequence",
-                                     p->header.h_cmd, p->opts.o_nextcmd, nodeid);
+               switch (p->header.h_cmd) {
+               case DLM_OPTS:
+                       if (msglen < sizeof(struct dlm_opts)) {
+                               log_print("opts msg too small: %u, will skip this message from node %d",
+                                         msglen, nodeid);
+                               return NULL;
+                       }
+
+                       log_print_ratelimited("received dlm opts message nextcmd %d from node %d in an invalid sequence",
+                                             p->opts.o_nextcmd, nodeid);
+                       break;
+               default:
+                       log_print_ratelimited("received dlm message cmd %d from node %d in an invalid sequence",
+                                             p->header.h_cmd, nodeid);
+                       break;
+               }
+
                return NULL;
        }