Commit 080e5563 authored Jan 20, 2026 by Ezrak1e Committed by David Teigland Jan 20, 2026

dlm: validate length in dlm_search_rsb_tree



The len parameter in dlm_dump_rsb_name() is not validated and comes
from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can
cause out-of-bounds write in dlm_search_rsb_tree().

Add length validation to prevent potential buffer overflow.

Signed-off-by: Ezrak1e <ezrakiez@gmail.com>
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>

parent 1416bd50

fs/dlm/lock.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -626,7 +626,8 @@ int dlm_search_rsb_tree(struct rhashtable rhash, const void name, int len,
		struct dlm_rsb **r_ret)
		{
		char key[DLM_RESNAME_MAXLEN] = {};

		if (len > DLM_RESNAME_MAXLEN)
		return -EINVAL;
		memcpy(key, name, len);
		*r_ret = rhashtable_lookup_fast(rhash, &key, dlm_rhash_rsb_params);
		if (*r_ret)