Commit 7377324e authored by Chengguang Xu's avatar Chengguang Xu Committed by Ilya Dryomov

libceph: fix misjudgement of maximum monitor number

num_mon should allow up to CEPH_MAX_MON in ceph_monmap_decode().
Signed-off-by: default avatarChengguang Xu <cgxu519@icloud.com>
Reviewed-by: default avatarIlya Dryomov <idryomov@gmail.com>
Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
parent 11e1478d
...@@ -60,7 +60,7 @@ struct ceph_monmap *ceph_monmap_decode(void *p, void *end) ...@@ -60,7 +60,7 @@ struct ceph_monmap *ceph_monmap_decode(void *p, void *end)
num_mon = ceph_decode_32(&p); num_mon = ceph_decode_32(&p);
ceph_decode_need(&p, end, num_mon*sizeof(m->mon_inst[0]), bad); ceph_decode_need(&p, end, num_mon*sizeof(m->mon_inst[0]), bad);
if (num_mon >= CEPH_MAX_MON) if (num_mon > CEPH_MAX_MON)
goto bad; goto bad;
m = kmalloc(sizeof(*m) + sizeof(m->mon_inst[0])*num_mon, GFP_NOFS); m = kmalloc(sizeof(*m) + sizeof(m->mon_inst[0])*num_mon, GFP_NOFS);
if (m == NULL) if (m == NULL)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment