[PATCH 1/3] ipc: Don't access data out of allocated slab
Cyrill Gorcunov
gorcunov at openvz.org
Tue Sep 3 13:47:05 EDT 2013
We should actually zero all of this data for security
reasons, but that aspect will be addressed in further
patches.
Meanwhile, at least allocate enough space so that pb_write
won't access data which is not allocated for us.
Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
---
ipc_ns.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ipc_ns.c b/ipc_ns.c
index 6d05bfa..8f34317 100644
--- a/ipc_ns.c
+++ b/ipc_ns.c
@@ -75,7 +75,7 @@ static int dump_ipc_sem_set(int fd, const IpcSemEntry *sem)
u16 *values;
size = sizeof(u16) * sem->nsems;
- values = xmalloc(size);
+ values = xmalloc(round_up(size, sizeof(u64)));
if (values == NULL) {
pr_err("Failed to allocate memory for semaphore set values\n");
ret = -ENOMEM;
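Review bot: The allocation at the `+` line is now rounded up to a u64 multiple while `size` itself stays `sizeof(u16) * sem->nsems`, so the only thing tying the two together is pb_write's read granularity, which is not visible here; the padding bytes between the two lengths are also left uninitialized by xmalloc() and, as the description concedes, end up in the image. That coupling deserves a comment at the allocation so the next edit to `size` does not silently reopen the over-read, e.g. `/* pb_write() reads in u64 units; keep the allocation rounded up to match (padding is not zeroed yet) */`. The same applies to the xmalloc() of `message` in the dump_ipc_msg_queue_messages hunk. dump_ipc_sem_set's body continues outside the hunk.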
@@ -185,7 +185,7 @@ static int dump_ipc_msg_queue_messages(int fd, const IpcMsgEntry *msq,
}
msgmax += sizeof(struct msgbuf);
- message = xmalloc(msgmax);
+ message = xmalloc(round_up(msgmax, sizeof(u64)));
if (message == NULL) {
pr_err("Failed to allocate memory for IPC message\n");
return -ENOMEM;
@@ -471,11 +471,11 @@ void ipc_sem_handler(int fd, void *obj)
int size;
pr_msg("\n");
- size = sizeof(u16) * e->nsems;
+ size = round_up(sizeof(u16) * e->nsems, sizeof(u64));
values = xmalloc(size);
if (values == NULL)
return;
- if (read_img_buf(fd, values, round_up(size, sizeof(u64))) <= 0) {
+ if (read_img_buf(fd, values, size) <= 0) {
xfree(values);
return;
}
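Review bot: `size` is declared `int` at the top of the hunk but now receives `round_up(sizeof(u16) * e->nsems, sizeof(u64))`, a size_t derived from a count read out of the image, so a large or corrupt `e->nsems` is truncated or goes negative before it reaches xmalloc() and read_img_buf(). Declaring it `size_t size;` and rejecting an `e->nsems` above the kernel's per-set semaphore limit before the multiplication would keep the allocation and the read in step with the count the rest of the handler presumably iterates over. Note also that `size` now carries the padded length rather than `sizeof(u16) * e->nsems`; if anything after the hunk derives the element count from `size` instead of `e->nsems`, it will see the padding. ipc_sem_handler's body continues outside the hunk.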
--
1.8.1.4