staging/lustre/lnetselftest: Fix potential integer overflow

It looks like if the passed in parameter is not present, but
parameter length is non zero, then sanity checks on the length
are skipped and lstcon_test_add() might then use incorrect
allocation that's prone to integer overflow size.

This patch ensures that parameter len is zero if parameter is
not present.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Oleg Drokin <green@linuxhacker.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/lustre/lnet/selftest/conctl.c b/drivers/staging/lustre/lnet/selftest/conctl.c
index 02847bfdd8645502a736aa43f94a0d007e841538..94383023c1bebf49d968bac6d009fb32c46af9fe 100644 (file)
--- a/drivers/staging/lustre/lnet/selftest/conctl.c
+++ b/drivers/staging/lustre/lnet/selftest/conctl.c
@@ -742,6 +742,10 @@ static int lst_test_add_ioctl(lstio_test_args_t *args)
             PAGE_SIZE - sizeof(struct lstcon_test)))
                return -EINVAL;
 
+       /* Enforce zero parameter length if there's no parameter */
+       if (!args->lstio_tes_param && args->lstio_tes_param_len)
+               return -EINVAL;
+
        LIBCFS_ALLOC(batch_name, args->lstio_tes_bat_nmlen + 1);
        if (!batch_name)
                return rc;