Add MAX_LUNS overflow safety checks.
While this MAX_LUNS limitation is too synthetic and should be removed, it is better to enforce it while it is here. MFC after: 2 weeks
This commit is contained in:
Alexander Motin
parent
7502cc401b
commit
dad99db247
@ -821,6 +821,11 @@ lun_number: STR
|
|||||||
free($1);
|
free($1);
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
|
if (tmp >= MAX_LUNS) {
|
||||||
|
yyerror("LU number is too big");
|
||||||
|
free($1);
|
||||||
|
return (1);
|
||||||
|
}
|
||||||
|
|
||||||
ret = asprintf(&name, "%s,lun,%ju", target->t_name, tmp);
|
ret = asprintf(&name, "%s,lun,%ju", target->t_name, tmp);
|
||||||
if (ret <= 0)
|
if (ret <= 0)
|
||||||
@ -845,6 +850,11 @@ target_lun_ref: LUN STR STR
|
|||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
free($2);
|
free($2);
|
||||||
|
if (tmp >= MAX_LUNS) {
|
||||||
|
yyerror("LU number is too big");
|
||||||
|
free($3);
|
||||||
|
return (1);
|
||||||
|
}
|
||||||
|
|
||||||
lun = lun_find(conf, $3);
|
lun = lun_find(conf, $3);
|
||||||
free($3);
|
free($3);
|
||||||
|
|||||||
@ -183,18 +183,25 @@ static int
|
|||||||
uclparse_target_lun(struct target *target, const ucl_object_t *obj)
|
uclparse_target_lun(struct target *target, const ucl_object_t *obj)
|
||||||
{
|
{
|
||||||
struct lun *lun;
|
struct lun *lun;
|
||||||
|
uint64_t tmp;
|
||||||
|
|
||||||
if (obj->type == UCL_INT) {
|
if (obj->type == UCL_INT) {
|
||||||
char *name;
|
char *name;
|
||||||
|
|
||||||
asprintf(&name, "%s,lun,%ju", target->t_name,
|
tmp = ucl_object_toint(obj);
|
||||||
ucl_object_toint(obj));
|
if (tmp >= MAX_LUNS) {
|
||||||
|
log_warnx("LU number %ju in target \"%s\" is too big",
|
||||||
|
tmp, target->t_name);
|
||||||
|
return (1);
|
||||||
|
}
|
||||||
|
|
||||||
|
asprintf(&name, "%s,lun,%ju", target->t_name, tmp);
|
||||||
lun = lun_new(conf, name);
|
lun = lun_new(conf, name);
|
||||||
if (lun == NULL)
|
if (lun == NULL)
|
||||||
return (1);
|
return (1);
|
||||||
|
|
||||||
lun_set_scsiname(lun, name);
|
lun_set_scsiname(lun, name);
|
||||||
target->t_luns[ucl_object_toint(obj)] = lun;
|
target->t_luns[tmp] = lun;
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -207,6 +214,12 @@ uclparse_target_lun(struct target *target, const ucl_object_t *obj)
|
|||||||
"\"number\" integer property", target->t_name);
|
"\"number\" integer property", target->t_name);
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
|
tmp = ucl_object_toint(num);
|
||||||
|
if (tmp >= MAX_LUNS) {
|
||||||
|
log_warnx("LU number %ju in target \"%s\" is too big",
|
||||||
|
tmp, target->t_name);
|
||||||
|
return (1);
|
||||||
|
}
|
||||||
|
|
||||||
if (name == NULL || name->type != UCL_STRING) {
|
if (name == NULL || name->type != UCL_STRING) {
|
||||||
log_warnx("lun section in target \"%s\" is missing "
|
log_warnx("lun section in target \"%s\" is missing "
|
||||||
@ -218,7 +231,7 @@ uclparse_target_lun(struct target *target, const ucl_object_t *obj)
|
|||||||
if (lun == NULL)
|
if (lun == NULL)
|
||||||
return (1);
|
return (1);
|
||||||
|
|
||||||
target->t_luns[ucl_object_toint(num)] = lun;
|
target->t_luns[tmp] = lun;
|
||||||
}
|
}
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user