diff options
| author | Max Kellermann <max.kellermann@ionos.com> | 2024-11-18 23:28:28 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-01-09 13:31:54 +0100 |
| commit | c47ed91156daf328601d02b58d52d9804da54108 (patch) | |
| tree | 782b35b2fc61ea89f166371c380efcb040e86459 /lib/check_signature.c | |
| parent | a64e5295ebc4afdefe69cdf16cc286a60ff8ba4b (diff) | |
| download | linux-c47ed91156daf328601d02b58d52d9804da54108.tar.gz linux-c47ed91156daf328601d02b58d52d9804da54108.tar.bz2 linux-c47ed91156daf328601d02b58d52d9804da54108.zip | |
ceph: give up on paths longer than PATH_MAX
commit 550f7ca98ee028a606aa75705a7e77b1bd11720f upstream.
If the full path to be built by ceph_mdsc_build_path() happens to be
longer than PATH_MAX, then this function will enter an endless (retry)
loop, effectively blocking the whole task. Most of the machine
becomes unusable, making this a very simple and effective DoS
vulnerability.
I cannot imagine why this retry was ever implemented, but it seems
rather useless and harmful to me. Let's remove it and fail with
ENAMETOOLONG instead.
Cc: stable@vger.kernel.org
Reported-by: Dario Weißer <dario@cure53.de>
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
Reviewed-by: Alex Markuze <amarkuze@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
[idryomov@gmail.com: backport to 6.6: pr_warn() is still in use]
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/check_signature.c')
0 files changed, 0 insertions, 0 deletions